Microsoft Warns of Malvertising Campaign Using Node.js to Spread Malware via Fake Crypto Trading Sites

Microsoft has issued a warning about a malvertising campaign that utilizes Node.js to distribute information-stealing malware through fake cryptocurrency trading sites such as Binance and TradingView. Since October 2024, Microsoft has observed an increasing use of Node.js in malware campaigns, including an ongoing crypto-themed malvertising attack in April 2025. Threat actors are increasingly turning to Node.js to deploy malware, moving away from traditional methods.