A new fileless malicious campaign, dubbed Nodersok, drops its own LOLBins to infect Windows computers with a Node.js-based malware that will turn the devices into proxies. The malware was used to attack thousands of machines within several weeks, with a focus on home users from U.S. and Europe. The attackers have been observed while also delivering the legitimate Node.exe and the Windows Packet Divert (WinDivert) network packet capture tool to devices they target.
Source: https://www.bleepingcomputer.com/news/security/microsoft-spots-nodersok-malware-campaign-that-zombifies-pcs/