Microsoft warns of Node.js abuse for malware delivery

Microsoft on Tuesday issued a warning over the increasing use of Node.js for the delivery of malware and other malicious payloads.

The tech giant has been seeing such attacks aimed at its customers since October 2024 and some of the observed campaigns are still active in April 2025. 

The open source cross-platform runtime environment Node.js is popular among developers, allowing them to execute JavaScript code outside of web browsers. However, this also makes it tempting for threat actors, who can leverage it to disguise their malware and bypass security mechanisms.

Read more at Security Week