Microsoft researchers have revealed a new malware campaign that is infecting thousands of computers worldwide.
After infecting a PC, the malware, dubbed Nodersok, can use the machine behind the scenes to launch other cyber attacks.
Microsoft’s Defender Advanced Threat Protection (ATP) research team said, “Most of the targets are consumers, but about 3 percent of encounters are seen in areas such as education, business services, healthcare, finance and retail.”
“The campaign is particularly interesting, not only because it employs advanced fileless techniques, but also because it relies on an elusive network infrastructure that causes the attack to fly under the radar,” the researchers wrote.
The attack begins when a user downloads and runs an HTML application (HTA) file called Player1566444384.hta.
The digits in the filename vary with each attack.
Analysis of Microsoft Defender ATP telemetry pointed to compromised advertisements as the most likely infection vector for delivering the HTA files.
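A hunting filter for the delivery step described above, as an added example that is not taken from Microsoft's report: it flags process-creation events in which mshta.exe (the Windows host for HTA files) opens an .hta named in the Player<digits>.hta shape, and generalizes to any .hta opened from a user-writable download location. The event schema, the directory list and the sample events are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Filename shape reported on the page: "Player" + digits + ".hta"; the digits vary per attack.
PLAYER_HTA = re.compile(r"^Player\d+\.hta$", re.IGNORECASE)
# Assumption: user-writable locations where a browser download typically lands.
USER_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\desktop\\")

# Constructed process-creation events (hypothetical schema: host, image, command_line).
SAMPLE_EVENTS = [
    {"host": "pc-01", "image": r"C:\Windows\System32\mshta.exe",
     "command_line": r'"C:\Windows\System32\mshta.exe" "C:\Users\a\Downloads\Player1566444384.hta"'},
    {"host": "pc-02", "image": r"C:\Windows\SysWOW64\mshta.exe",
     "command_line": r"mshta.exe C:\Users\b\AppData\Local\Temp\setup.hta"},
    {"host": "pc-03", "image": r"C:\Windows\System32\mshta.exe",
     "command_line": r'mshta.exe "C:\Program Files\Vendor\help.hta"'},
    {"host": "pc-04", "image": r"C:\Program Files\Media\Player1566444384.exe",
     "command_line": r"Player1566444384.exe --play"},
]

def hta_paths(command_line):
    """Return every .hta path argument in a command line, quoted or bare."""
    found = re.findall(r'"([^"]+\.hta)"|(\S+\.hta)\b', command_line, re.IGNORECASE)
    return [quoted or bare for quoted, bare in found]

def classify(event):
    """Return 'campaign-name', 'hta-from-user-dir' or None for one event."""
    # Only mshta.exe launches are of interest; a Player<digits>.exe is not an HTA.
    if PureWindowsPath(event["image"]).name.lower() != "mshta.exe":
        return None
    for path in hta_paths(event["command_line"]):
        if PLAYER_HTA.match(PureWindowsPath(path).name):
            return "campaign-name"
        if any(d in path.lower() for d in USER_DIRS):
            return "hta-from-user-dir"
    return None

def hunt(events):
    """Return (host, verdict) for every event that classify() flags."""
    hits = []
    for event in events:
        verdict = classify(event)
        if verdict:
            hits.append((event["host"], verdict))
    return hits

if __name__ == "__main__":
    for host, verdict in hunt(SAMPLE_EVENTS):
        print(host, verdict)
```

The filename rule alone is brittle because the name is attacker-chosen; the location rule catches a renamed file at the cost of more triage.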