Microsoft and Cisco Talos recently announced that they have discovered a malware campaign that can turn your personal computer into what Microsoft is calling a “zombie proxy”. The malware runs on top of legitimate programs on your computer, and it is believed to have infected thousands of PCs in the United States and Europe.
In separate reports, researchers at Cisco’s Talos and Microsoft described the threat. Cisco named the malware “Divergent” and Microsoft tagged it as “Nodersok”. The campaign tricks an unsuspecting user into downloading and running an HTML application (an HTA file), which kicks off an infection chain that leaves very little on disk to investigate. The HTML application is usually delivered through a malicious advertisement or other methods that are hard to detect.
Rather than dropping its own executable, the malware uses programs already on your computer, or automatically downloads legitimate tools, and hides behind them. Some of the legitimate programs that Microsoft and Cisco Talos have found abused by Nodersok/Divergent include:
According to a Microsoft blog post:
“All of the relevant functionalities reside in scripts and shellcodes that are almost always coming in encrypted, are then decrypted, and run while only in memory. No malicious executable is ever written to the disk.”
Microsoft calls this type of malware a “fileless threat”. They recommend using their Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) to protect your computer against these threats. According to Microsoft, the Microsoft Defender ATP was able to defeat the threat at “numerous points of dynamic detection through the attack chain.”
The malware disables Windows Defender so that the antivirus cannot see it, and then turns your computer into a proxy. At this point, Microsoft and Cisco Talos disagree on what the proxy is ultimately used for.
Microsoft researchers think the attackers want to route traffic through the infected machines to reach other networks and “perform stealthy malicious activities.”
Cisco Talos believes the malware resembles other malware built for click fraud. According to Forbes, click fraud cost advertisers around $19 billion in 2018 alone.
Regardless of the ultimate objective, the outcome for you is the same: your computer is hijacked for someone else’s purposes. As stated earlier, thousands of computers have been infected, and the campaign has ramped up its attacks over the last thirty days.
Cisco Talos and Microsoft have both stated that their security products have been updated to detect this new threat.
Take the time to update your antivirus software and run another scan. If you find this malware on your computer, there are a couple of ways to have it removed. The first is to take it to your local computer expert and have them remove it. If you are computer savvy, PC Malware Repair has a step-by-step guide to removing Nodersok here. Do not attempt this unless you are comfortable working under the hood of your system.
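The article makes two practical points: the malware switches off Windows Defender (so a clean scan from a disabled engine proves nothing), and the infection starts from an HTML application. The script below is an added example written for this page, not code from the article, Microsoft or Cisco Talos. It is a one-host triage in PowerShell that checks whether Defender is actually enabled, re-enables real-time monitoring if it has been turned off, refreshes signatures and runs a quick scan, and then looks for recent launches of mshta.exe (the Windows program that runs HTML applications). It assumes Windows 10 or Server 2016 or later with the built-in Defender cmdlets, an elevated session, and that process creation auditing (Security event 4688) is switched on; the seven-day lookback and the list of script hosts checked at the end are illustrative choices, not values from the article.

```powershell
# Added example (not from the article, Microsoft or Cisco Talos): single-host
# triage for a suspected Nodersok/Divergent infection.
# Assumptions: Windows 10 / Server 2016+ Defender cmdlets, elevated session,
# Security event 4688 (process creation) auditing enabled. The 7-day window and
# the script-host names in step 5 are chosen for illustration.
#Requires -RunAsAdministrator

# 1. Is Defender really running? The campaign is reported to disable it, so
#    confirm the engine state before trusting any scan result.
$status = Get-MpComputerStatus
$pref   = Get-MpPreference
[pscustomobject]@{
    AntivirusEnabled       = $status.AntivirusEnabled
    RealTimeProtection     = $status.RealTimeProtectionEnabled
    TamperProtection       = $status.IsTamperProtected
    RealtimeDisabledByPref = $pref.DisableRealtimeMonitoring
    SignatureAgeDays       = $status.AntivirusSignatureAge
} | Format-List

if ($pref.DisableRealtimeMonitoring) {
    Write-Warning "Real-time monitoring is disabled; re-enabling it before scanning."
    Set-MpPreference -DisableRealtimeMonitoring $false
}

# 2. Pull fresh signatures (the vendors say detections were added), then scan.
Update-MpSignature
Start-MpScan -ScanType QuickScan

# 3. Show the most recent things Defender has flagged on this machine.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -Property InitialDetectionTime, ThreatID, ProcessName, Resources -First 10

# 4. The chain starts with an HTML application, which mshta.exe executes.
#    A home PC rarely has a legitimate reason to launch it, so list every
#    process-creation event for it in the (assumed) 7-day window.
$since = (Get-Date).AddDays(-7)
$hta = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $since } `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'mshta\.exe' }

if ($hta) {
    Write-Warning ("{0} mshta.exe launch(es) since {1}:" -f @($hta).Count, $since)
    $hta | Select-Object TimeCreated, Message | Format-List
} else {
    "No mshta.exe process creations found since $since (or 4688 auditing is off)."
}

# 5. Fileless payloads live only in memory, so a script host that is still
#    running is the main artefact left to look at. Names are illustrative.
Get-Process -Name mshta, powershell, wscript -ErrorAction SilentlyContinue |
    Select-Object Id, ProcessName, StartTime, Path
```

Run it from an elevated PowerShell prompt. If step 1 reports that real-time monitoring was disabled and you did not do that yourself, treat the machine as compromised regardless of what the quick scan returns, because the scan is only as good as the engine that was switched off. Step 4 returns nothing on a machine where process creation auditing has never been enabled; enable it (or install Sysmon) before relying on that check.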