A new Node.js based remote access trojan and password-stealing malware is being distributed through malicious emails pretending to be from the U.S. Department of the Treasury. The new spam campaign was discovered by Abuse.ch that says payment for a government contract was not paid due to incorrect banking information. The email then prompts the user to examine the document for any mistakes, as if they do not hear back, the money will be used of the government’s Coronavirus disaster relief.
Source: https://www.bleepingcomputer.com/news/security/fake-us-dept-of-treasury-emails-spreads-new-nodejs-malware/