Expert Comment: New Node.js Malware Distributed by Fake U.S. Dept of Treasury Emails

According to a Bleeping Computer report, a new Node.js-based remote access trojan and password-stealing malware is spreading via malicious emails that pretend to come from the U.S. Department of the Treasury. A cybersecurity expert from Cerberus Sentinel offers perspective on the campaign.

Expert Comments

May 20, 2020
Chris Clements
VP
Cerberus Sentinel
Cyber criminals are always quick to leverage current events in order to compromise their victims. In this case the lure is the promise of relief money from the government. This is an especially compelling and cruel ploy with many people suffering from severe economic uncertainty due to the COVID19 pandemic, but rest assured attackers will change tactics to exploit future events in the news. This malware campaign is interesting because the attackers used a server-side programming framework called Node.js not typically seen used by end users. This could be to avoid detection by anti-malware software but it’s not clear if that was the primary motivation. So far the attackers have not installed ransomware on their victims’ computers, which is usually the immediate tactic used by cybercriminals in order to extort money from their victims. Organizations should make sure to update their anti-virus signatures to stop this attack as well as block access to the command and control (C2) server at: central[.]qhub[.]qua[.]one.