Tech giant Microsoft recently revealed a new malware campaign affecting thousands of Windows computers across the world. This new strain of malware downloads and installs itself on the system automatically, then turns the infected system into a proxy for launching other cyberattacks and performs click fraud.
According to the Microsoft Defender Advanced Threat Protection (ATP) Research team, the majority of targets are consumers, though around 3 percent of encounters are seen in organizations in sectors like education, professional services, healthcare, finance, and retail, mainly in Europe and the US.
How to Prevent Such Malware?
To prevent infections, the best advice is that users not run any HTA files they get on their computers, especially if they don’t know the files’ source. Files downloaded from a web page whose authenticity is unknown are always a bad sign and shouldn’t be trusted, regardless of their validity.
The complicated part about Nodersok, however, is its use of legitimate apps and in-memory payloads (file-less execution). These two techniques make detecting Nodersok infections much harder for classic signature-based antivirus programs.
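Since file signatures help little here, a behavioural check on how HTA files get launched is one complement. The sketch below is an added example, not taken from Microsoft's report: it flags process-creation events in which `mshta.exe` (the standard Windows host for HTA files) runs an HTA from a user-writable folder, loads remote content, or is started by a browser. The event format, folder list, browser list and sample events are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

HTA_HOST = "mshta.exe"  # standard Windows host process for .hta files
# Assumed heuristics (not from the article): folders and parents worth flagging.
USER_WRITABLE = re.compile(r"\\(downloads|appdata\\local\\temp|temp)\\", re.I)
REMOTE = re.compile(r"\b(?:https?|ftp)://", re.I)
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}

# Constructed sample process-creation events; not real telemetry.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\mshta.exe", "parent": r"C:\Program Files\Google\Chrome\chrome.exe",
     "cmdline": r'"C:\Windows\System32\mshta.exe" "C:\Users\alice\Downloads\update.hta"'},
    {"image": r"C:\Windows\System32\mshta.exe", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Windows\System32\mshta.exe" "C:\Program Files\Vendor\help.hta"'},
    {"image": r"C:\Windows\System32\notepad.exe", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r'notepad.exe "C:\Users\alice\Downloads\update.hta"'},
    {"image": r"C:\Windows\System32\mshta.exe", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Windows\System32\mshta.exe" https://example.invalid/a.hta'},
]

def basename(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return PureWindowsPath(path).name.lower()

def score_event(ev):
    """Return the reasons an event looks like an untrusted HTA launch."""
    if basename(ev["image"]) != HTA_HOST:
        return []  # viewing an .hta in an editor does not execute it
    reasons = []
    cmd = ev["cmdline"]
    if re.search(r"\.hta\b", cmd, re.I) and USER_WRITABLE.search(cmd):
        reasons.append("hta-from-user-writable-dir")
    if REMOTE.search(cmd):
        reasons.append("remote-content")
    if basename(ev["parent"]) in BROWSERS:
        reasons.append("launched-by-browser")
    return reasons

def flag_events(events):
    """Return (command line, reasons) for every event with at least one reason."""
    return [(ev["cmdline"], r) for ev in events if (r := score_event(ev))]

if __name__ == "__main__":
    for cmdline, reasons in flag_events(SAMPLE_EVENTS):
        print(", ".join(reasons), "->", cmdline)
```

An HTA launched from an installed application's own folder (the second sample event) is deliberately left unflagged, so tune the folder and parent lists to the environment before alerting on them.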
Based on the researchers’ study, the malware appears to be still under development, but the illicit actors behind it seem to have a plan to monetize their infections through click fraud, which means the malware is most likely to appear as a pop-up window and make users go through it.