A New Technique Used by Hackers to Hijack PCs and Turn Them Into Proxies

Every passing second, a new technology is introduced to bring ease to the lives of millions of users. We are the generation of digital media and technology, relying on various digital devices and other products to perform daily tasks. Although the majority of new technology is meant to help users in their daily lives, the fear of malicious attacks never goes away. Users trust platforms that offer a more secure environment. As new technologies arrive, hackers update their techniques accordingly.

Recently, reports revealed a new malware technique, used by unknown sources, that utilizes web apps to turn PCs into hubs for malicious attacks. Thousands of systems have already fallen victim to these attacks.

In earlier days, only botnets were considered tools that could hijack PCs for various illegal activities, but not anymore. According to researchers at Microsoft and Cisco’s Talos, new malware utilizes web apps to turn systems into a medium for malicious internet traffic used to perform click fraud.

More insight into the malicious attack

As revealed by reports, the attack makes the victim system run an HTA (HTML application) file through a malicious ad or download, which sets off a complex chain of events. The JavaScript present in the HTA downloads a separate JavaScript file, and that file then runs a PowerShell command that downloads and runs a host of tools, including tools that disable Windows Defender (antivirus), ask for more control, capture data packets and create a proxy. The infection relies entirely on legitimate programs to accomplish its task, whether they’re downloaded from third parties or built into Windows. Because no malware programs are copied to the system's storage, it is difficult for security teams to research the malware or recommend any sort of precautions.
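Because every stage is a legitimate program, detection has to look at how processes are related rather than at files on disk. The following is an added example, not code from Microsoft, Cisco or the original article: it walks process-creation events and flags any PowerShell process that descends from an HTA host. The event shape, paths and PIDs are constructed sample data, and the function names are hypothetical.

```python
from ntpath import basename  # parses Windows paths on any OS

SHELLS = {"powershell.exe", "pwsh.exe"}
HTA_HOST = "mshta.exe"  # Windows binary that runs .hta files

# Constructed process-creation events (pid, parent pid, image path).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 210, "ppid": 100, "image": r"C:\Program Files\Browser\browser.exe"},
    {"pid": 320, "ppid": 210, "image": r"C:\Windows\System32\mshta.exe"},
    {"pid": 430, "ppid": 320, "image": r"C:\Windows\System32\wscript.exe"},
    {"pid": 540, "ppid": 430,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # Benign: PowerShell started by the user from the desktop shell.
    {"pid": 650, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # Parent never logged: lineage is unknown, so no alert is raised.
    {"pid": 760, "ppid": 999,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

def lineage(pid, by_pid):
    """Return image names from the oldest known ancestor down to pid."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:  # 'seen' guards against PID loops
        seen.add(pid)
        chain.append(basename(by_pid[pid]["image"]).lower())
        pid = by_pid[pid]["ppid"]
    return chain[::-1]

def find_hta_powershell_chains(events):
    """Flag PowerShell processes that have an HTA host among their ancestors."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if basename(e["image"]).lower() not in SHELLS:
            continue
        chain = lineage(e["pid"], by_pid)
        if HTA_HOST in chain[:-1]:
            alerts.append({"pid": e["pid"], "chain": chain})
    return alerts

if __name__ == "__main__":
    for alert in find_hta_powershell_chains(SAMPLE_EVENTS):
        print(alert["pid"], " -> ".join(alert["chain"]))
```

In real telemetry PIDs are reused over time, so the lookup would need to be keyed on a per-process unique identifier or on PID plus start time.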


There’s still no official information regarding the people behind these Nodersok attacks, but the attack appears more useful to everyday criminals than to hostile countries. According to Cisco, these new malware attacks are meant for click fraud, or some new strategy for generating ad clicks from websites to boost revenue, as most of the targets were consumers in Europe and the US rather than corporate or government users.

Bottom Line

Microsoft and Cisco are both looking for ways to make their defense systems detect such malware attacks and prevent them from happening again. The majority of people don’t have much access to resources that can prevent such attacks. According to reports, Nodersok has targeted thousands of machines within the past few weeks, and as Microsoft is trying hard to find a solution for these malicious attacks, we think Microsoft might prevent it from happening again.


Photo Credit: Getty Images/Hero Images
