NodeLoader Exposed: The Node.js Malware Evading Detection
(www.zscaler.com)
from Joker@sh.itjust.works to cybersecurity@infosec.pub on 14 Dec 10:58
https://sh.itjust.works/post/29469407
Key Takeaways
> - ThreatLabz has observed threat actors deploying NodeLoader using the Node Package Manager (NPM) pkg module to turn Node.js code into standalone Windows executable files for malicious purposes.
> - The threat actors employ social engineering and anti-evasion techniques to deliver NodeLoader undetected.
> - NodeLoader uses a module called sudo-prompt, a publicly available tool on GitHub and NPM, for privilege escalation.
> - The malware delivered by NodeLoader includes cryptocurrency miners and information stealers.
Lmao they just use node to download a powershell script and run it.