The article is patently misleading.

Node.js doesn't have some magical ability to break out of the browser's sandbox.

For the trojan to work, the payload still needs to be downloaded and executed on the user's machine.

The fact that it's cross-platform is just a nicety of the platform. The same can be said of most VM-based languages.

Remove the lowbrow hyperbole and it's not a bad writeup. Otherwise, 2/10.