Microsoft is warning that thousands of computers running Windows have been turned into zombie proxies by Nodersok, a new type of fileless malware. Since July of this year, threat actors have been distributing the malware via online ads that trigger the execution of various malicious files and scripts, which eventually leads to the installation of Nodersok.
The Nodersok campaign relies fully on tools and functionalities that are already present on targeted devices. No malicious code is written to the disk of a compromised machine. Microsoft researchers say that “the campaign is particularly interesting not only because it employs advanced fileless techniques, but also because it relies on an elusive network infrastructure that causes the attack to fly under the radar.”
Read more: Microsoft uncovers Nodersok malware that turns PCs into zombie proxies