Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host
released on 2019-09-26 @ 10:03:01 PM
Cisco Talos recently discovered a new malware loader being used to deliver and infect systems with a previously undocumented malware payload called "Divergent."
This threat uses NodeJS — a program that executes JavaScript outside of a web browser — as well as the legitimate open-source utility WinDivert to facilitate some of the functionality in the Divergent malware. The use of NodeJS is not something commonly seen across malware families.