Malware can do a variety of things, from serving you hundreds of ads to earn a hacker money, to forcing you to mine cryptocurrency, to even locking you out of your PC. But this latest one turns your computer into a zombie that can then actively affect another PC.
The new malware was discovered by Microsoft, in partnership with Cisco's Talos researchers. It is described in new reports they've both released this week.
Called 'Nodersok' and 'Divergent' by Microsoft and Talos respectively, it's a particularly vicious malware. It doesn't just take control of an infected computer, but also turns it into what Microsoft calls "Zombie proxies".
Basically, it corrupts otherwise legitimate software and uses it to infect other computers. The researchers say it's already infected thousands of PCs across the US and Europe.
The malware campaign aims to trick users into downloading and running an HTML application, usually through malicious ads. This then triggers what looks like a fairly complex hacking sequence, using existing legitimate tools (or downloading them first), so it leaves barely any trace of the malware's existence.
"All of the relevant functionalities reside in scripts and shellcodes that are almost always coming in encrypted, are then decrypted, and run while only in memory. No malicious executable is ever written to the disk," the Microsoft blog post reads. That's why cybersecurity researchers call this kind of attack a "fileless" one.
First, the malware disables your Windows Defender, letting it take control of your PC without tripping the antivirus alarm. It's only on the ultimate goal of the malware that Microsoft and Cisco differ. The former believes it then uses these computers to allow the hackers to access other networks and carry out other malicious activities on the quiet. The latter, however, believes it conducts click-fraud activities, which is basically pretending your PC is clicking on certain ads. This steals money for the hackers straight from advertisers.
In any case, both companies now claim their antivirus software has been updated to detect the malware from now on.