Novter Trojan Sets its Sights on Microsoft Windows Defender



The Novter Trojan, also known as Nodersok or Divergent, is the latest Trojan to actively target Microsoft's Windows Defender by attempting to disable it.


Last week, three reports came out about a new fileless Trojan that installs Node.JS onto a victim's machine and configures it as a proxy server for click-fraud and other malicious activity. Microsoft calls this Trojan Nodersok, Cisco Talos calls it Divergent, and Trend Micro calls it Novter.


With Windows Defender maturing into a full-fledged AV solution and becoming tightly integrated into the Windows operating system, recent Trojans have been making an effort to disable its real-time protection and other features. This allows a Trojan to download further malware without the risk of Defender detecting it, and prevents future definition updates from detecting malware that is already present.


As previously explained by all three companies, when installed, Novter will execute a PowerShell script that disables Windows Defender and modifies Windows Update settings. This is becoming more common, as we have seen TrickBot and Gootkit disable Windows Defender in recent variants.


According to security researcher Vitali Kremez, who also reverse engineered Novter, the malware will add a variety of Windows policies that disable various functionality in Windows Defender.



Novter disabling Windows ..
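For defenders, policies of the kind described above can be audited from a registry export. The following is an added example, not code from the article or the cited researchers: it parses the text of a `reg export` file and reports Defender policy values that switch a feature off. The list of watched values is an assumption (standard Defender Group Policy values, not a list of what Novter writes), and the sample export is constructed.

```python
import re

# Assumption: the page does not list the policies Novter writes. These are
# standard Defender Group Policy values (1 = feature disabled) picked for
# illustration, keyed by lower-cased (subkey, value name).
ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender"
RTP = r"\real-time protection"
WATCHED = {
    ("", "disableantispyware"),
    (RTP, "disablerealtimemonitoring"),
    (RTP, "disablebehaviormonitoring"),
    (RTP, "disableonaccessprotection"),
    (RTP, "disablescanonrealtimeenable"),
    (RTP, "disableioavprotection"),
}
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

# Constructed sample in the text format of `reg export` (already decoded).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000000
'''

def find_disabled_defender_policies(reg_text):
    """Return (key path, value name) for each watched policy set to 1."""
    findings, path, subkey = [], None, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            inside = path.lower().startswith(ROOT.lower())
            # Registry names are case-insensitive, so compare lower-cased.
            subkey = path[len(ROOT):].lower() if inside else None
            continue
        val = DWORD_RE.match(line)
        if val and subkey is not None and int(val.group(2), 16) == 1:
            if (subkey, val.group(1).lower()) in WATCHED:
                findings.append((path, val.group(1)))
    return findings

if __name__ == "__main__":
    for key_path, name in find_disabled_defender_policies(SAMPLE_EXPORT):
        print(f"{key_path}\\{name} = 1")
```

Files written by `reg export` are UTF-16, so decode them before passing the text to the function.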
