A new zombie attack is preying on Windows users in an attempt to take over their machines, according to researchers.

Microsoft security researchers recently reported a new malware campaign, called Nodersok, that aims to disable Windows Updates and Windows Defender and turn the victimized device into a “zombie” proxy. The Nodersok infection begins with a malicious ad or phishing email that downloads an HTML application file that includes JavaScript code. That code starts another JavaScript download that initiates PowerShell, which runs commands that access secure system files and disable Windows Update and Windows Defender, eventually turning the machine into a “zombie” that a hacker can control remotely. The hacker can then use the device for criminal activity.

Researchers said the Nodersok attack is unique in that it uses valid binaries to “hide in plain sight” and brings its own living-off-the-land binaries (LOLBins) for its malicious intent. Nodersok uses the LOLBins Node.exe and WinDivert to infect machines.

The Nodersok zombie attacks have been linked to infections in thousands of machines in the United States and Europe over the last few months.