Recent weeks have seen a spate of scams associated with the Coronavirus pandemic, and there is little evidence of the end being in sight (either of the real-world threat to health or the cybercriminal attacks.)
Amongst other reports, the analysts at Trend Micro have warned of a threat being distributed within a file called Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar.
Of course, filenames are trivial to change – and just watching out for a file with a specific name is not a sensible way to keep your computer malware-free. A better way to protect yourself is to be wary of opening unsolicited files, and to run a recently updated anti-virus program.
Unfortunately, in this case, detection by anti-virus software may not currently be as good as would be normally hoped – perhaps because it is written for the Node.js runtime environment that executes JavaScript code outside of its normal habitat within your web browser.
This particular Trojan horse may not be a significant threat for most users, but it has some unusual characteristics which make it noteworthy:
Running this file led to the download of a new, undetected malware sample written in Node.js; this trojan is dubbed as “QNodeService”.
The use of Node.js is an unusual choice for malware authors writing commodity malware, as it is primarily designed for web server development, and would not be pre-installed on machines likely to be targeted. However, the use of an uncommon platform may have helped evade detection by antivirus software.
The malware has functionality that enables it to download/upload/e ..
Support the originator by clicking the read the rest link below.
