topic Threat actors misuse Node.js to deliver malware and other malicious payloads in Threats https://community.isc2.org/t5/Threats/Threat-actors-misuse-Node-js-to-deliver-malware-and-other/m-p/78852#M1596 <P>Dear All,</P><P>&nbsp;</P><P>Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to information theft and data exfiltration. While traditional scripting languages like Python, PHP, and AutoIT remain widely used in threats, threat actors are now leveraging compiled JavaScript—or even running the scripts directly in the command line using Node.js—to facilitate malicious activity. This shift in threat actor techniques, tactics, and procedures (TTPs) might indicate that while Node.js-related malware aren’t as prevalent, they’re quickly becoming a part of the continuously evolving threat landscape.</P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://www.microsoft.com/en-us/security/blog/2025/04/15/threat-actors-misuse-node-js-to-deliver-malware-and-other-malicious-payloads/" target="_blank" rel="noopener">Threat actors misuse Node.js to deliver malware and other malicious payloads</A></P><P>&nbsp;</P><P>&nbsp;</P> Wed, 16 Apr 2025 07:26:37 GMT Kyaw_Myo_Oo 2025-04-16T07:26:37Z Threat actors misuse Node.js to deliver malware and other malicious payloads https://community.isc2.org/t5/Threats/Threat-actors-misuse-Node-js-to-deliver-malware-and-other/m-p/78852#M1596 <P>Dear All,</P><P>&nbsp;</P><P>Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to information theft and data exfiltration. While traditional scripting languages like Python, PHP, and AutoIT remain widely used in threats, threat actors are now leveraging compiled JavaScript—or even running the scripts directly in the command line using Node.js—to facilitate malicious activity. This shift in threat actor techniques, tactics, and procedures (TTPs) might indicate that while Node.js-related malware aren’t as prevalent, they’re quickly becoming a part of the continuously evolving threat landscape.</P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://www.microsoft.com/en-us/security/blog/2025/04/15/threat-actors-misuse-node-js-to-deliver-malware-and-other-malicious-payloads/" target="_blank" rel="noopener">Threat actors misuse Node.js to deliver malware and other malicious payloads</A></P><P>&nbsp;</P><P>&nbsp;</P> Wed, 16 Apr 2025 07:26:37 GMT https://community.isc2.org/t5/Threats/Threat-actors-misuse-Node-js-to-deliver-malware-and-other/m-p/78852#M1596 Kyaw_Myo_Oo 2025-04-16T07:26:37Z