The article is patently misleading.
Node.js doesn't have some magical ability to break out of the browser's sandbox.
For the trojan to work, the payload still needs to be downloaded and executed on the user's machine.
The fact that it's cross-platform is just a nicety of the platform. The same can be said of most VM based languages.
Remove the lowbrow hyperbole and it's not a bad writeup. Otherwise, 2/10.
