Microsoft and Cisco Talos have found a new malware strain


Cybersecurity researchers at Microsoft and Cisco Talos have identified a new malware strain, which is being called Nodersok (or Divergent). The malware can reportedly be used to target corporate networks and could be used to carry out click-fraud.

According to Cisco Talos, the Nodersok malware family is apparently built to “generate revenue for attackers” through click-fraud. The way the malware works is similar to another click-fraud malware, Kovter.

The malware enters a system in portable executable (PE) format. It installs itself on the system as an HTML Application (HTA), which loads the malware from the registry. JavaScript in the HTA then downloads another JavaScript file, which runs a PowerShell command. This command then downloads and runs many tools, including some that can disable Windows Defender. The malware then gains more access, captures data packets and creates the intended proxy.
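The chain described above (an HTA that ends up launching PowerShell, followed by attempts to disable Windows Defender) can be hunted for in process-creation telemetry. The following is an added detection example, not code from Microsoft or Cisco Talos; it assumes the standard Windows HTA host `mshta.exe`, Sysmon-style event fields, and generic Defender-tampering patterns rather than Nodersok's actual commands, which the article does not give.

```python
import re

# Constructed process-creation records (shaped like Sysmon Event ID 1); not real telemetry.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r"mshta.exe C:\Users\demo\Downloads\example.hta"},
    {"pid": 300, "ppid": 200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -NoProfile -File C:\Users\demo\AppData\Local\Temp\example.ps1"},
    {"pid": 400, "ppid": 300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -Command Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"pid": 500, "ppid": 100,  # benign: PowerShell with no HTA ancestor
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -Command Get-ChildItem"},
]

HTA_HOST = "mshta.exe"                   # Windows binary that executes .hta files
SHELLS = {"powershell.exe", "pwsh.exe"}
# Generic Defender-tampering indicators (assumption, not taken from the article).
TAMPER = re.compile(r"Set-MpPreference\b.*-Disable\w+|\bWinDefend\b", re.I)

def ancestry(pid, by_pid):
    """Return image basenames from the process up to the root, nearest first."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:   # 'seen' guards against PID loops
        seen.add(pid)
        event = by_pid[pid]
        chain.append(event["image"].rsplit("\\", 1)[-1].lower())
        pid = event["ppid"]
    return chain

def find_hta_chains(events):
    """Flag PowerShell processes that descend, at any depth, from the HTA host."""
    by_pid = {e["pid"]: e for e in events}     # assumes PIDs are unique in the window
    findings = []
    for e in events:
        chain = ancestry(e["pid"], by_pid)
        if chain[0] not in SHELLS or HTA_HOST not in chain[1:]:
            continue
        findings.append({"pid": e["pid"], "chain": " <- ".join(chain),
                         "defender_tamper": bool(TAMPER.search(e["cmd"]))})
    return findings

if __name__ == "__main__":
    for finding in find_hta_chains(SAMPLE_EVENTS):
        print(finding)
```

On real telemetry, key the lookup on a process GUID (or PID plus start time) rather than the bare PID, since PIDs are reused.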

Neither Microsoft nor Cisco Talos knows where the malware strain originated, but conducting click-fraud to generate revenue from websites seems to be its main motive. Consumers in Europe and the US have been the main targets of the strain so far.

Microsoft says that the malware has affected thousands and expects the number of affected systems to grow.