Sharing: The threat I observed is discussed at length here. I'm sharing this with the community to remove ANY doubt this threat IS in the wild and can be downloaded totally without any intervention and from sites you visit each and every day. I want to ALSO STRESS the fact that NORTON STOPPED IT, dead in its tracks. Check your router firmware and consult with your ISP for their inputs to update and/or replace devices that are known to be vulnerable.
Symantec also detects this type of threat as discussed here.
On January 14th I was using my Dell laptop to confer about an item for sale on the Facebook Marketplace, via FB Messenger. The keyboard began to drop letter functionality, beginning with the A key, then E, and so on. There were NO NOTIFICATIONS either from Norton 360 or Norton Core that anything was amuck at this point. To correct the issue, I rebooted the laptop. Upon trying to enter the login password for my account, NO KEYS would function. I could not log in to the laptop at that point. I shut down manually, removed wall power, removed the battery, and pressed the power button for 60 seconds. Re-applied wall power and restarted. Voila!! The laptop allowed the keyboard to function. I logged into the system and used the laptop as normal without any further issues.
The next day, however, I walked away from the same laptop with the lock screen up to go outside for a fast smoke. Returning, the laptop was powered down. I restarted and began investigating what the issue could have been. The first screenshot is what I derived from Norton history. The detection states the 14th, yet nothing was there when I looked, meaning this hit the system without any notice to me that it took place the day before. The file insight would indicate something came through while on FB on the 14th, per the screenshot. The 15th is still a mystery as to what the shutdown cause was, as I am still investigating that.
The next screenshot shows the threat removed yet nothing was in the recycle bin.
I then ran MBAM. The screenshot below shows clean. NPE showed clean (no screenshot taken); a full Norton scan showed clean (no screenshot taken).
A subsequent check of my FIOS router/modem indicated there has NOT been any scan into any ports to check for vulnerabilities in the firmware or hardware. Full scans of ALL my systems on the network with Norton, MBAM and NPE turned up nothing. All are clean.
Filename: exploitSagemcom.js (AKA Cable Haunt)
Threat name: Hacktool
Full Path: C:\$Recycle.Bin\S-1-5-21-1713856677-2457491745-874669289-1003\$RMNWUQW\static\exploitSagemcom.js
On computers as of: 1/14/2020 at 11:09:22 AM
Last Used: 1/14/2020 at 11:11:22 AM
Startup Item: No
Launched: No
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.

exploitSagemcom.js - Threat name: Hacktool
Very Few Users: Fewer than 5 users in the Norton Community have used this file.
Very New: This file was released less than 1 week ago.
High: This file risk is high.
____________________________
Source: External Media
Source File: exploitSagemcom.js
____________________________
File Actions
File: C:\$Recycle.Bin\S-1-5-21-1713856677-2457491745-874669289-1003\$RMNWUQW\static\exploitSagemcom.js - Removed
____________________________
File Thumbprint - SHA: 3558f30cd6b0cb54c5761704b5acfe20f66c657d7a85669b840f10cc228878f5
File Thumbprint - MD5: cdf04cde4d11ec0937c567b94a01e980
Cheers