An ongoing worldwide campaign is pushing new malware dubbed MosaicLoader, advertised through search engine results and camouflaged as cracked software, to infect wannabe software pirates’ systems.
MosaicLoader is a malware downloader designed by its creators to deploy additional second-stage payloads on infected systems, as Bitdefender researchers revealed in a report published today and shared with BleepingComputer last week.
“We named it MosaicLoader due to the intricate internal structure that aims to confuse malware analysts and forestall reverse-engineering,” Janos Gergo Szeles, Senior Security Researcher at Bitdefender, revealed.
During their investigation, Bitdefender found that the MosaicLoader threat actors used the following techniques to hinder researchers’ malware analysis efforts and to increase their attacks’ rate of success:
- Mimicking file information that is similar to legitimate software
- Code obfuscation with small chunks and shuffled execution order
- Payload delivery mechanism infecting the victim with several malware strains
The researcher added that the campaign does not target a specific region. Because of its internet advertising lures, it will attempt to infect any search engine users looking to download and install cracked software installers on their devices.
The attackers are camouflaging their droppers as executables belonging to legitimate software, using similar icons and including information such as company names and descriptions inside the files’ metadata to pass superficial scrutiny.
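A defender-side check for the metadata mimicry described above, as an added example that is not from Bitdefender's report or the original article: it compares the company name an executable claims in its version information with its Authenticode signature. The scan path, the function name `Test-VendorClaim` and the first-word comparison heuristic are assumptions.

```powershell
# Added example: flag executables whose version-info metadata names a vendor
# that the Authenticode signature does not back up.
# Assumption: $ScanPath (default: the user's Downloads folder) is where installers land.
param([string]$ScanPath = (Join-Path $env:USERPROFILE 'Downloads'))

function Test-VendorClaim {
    # Hypothetical helper name; returns one record per file with a verdict.
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    $info   = $File.VersionInfo
    $sig    = Get-AuthenticodeSignature -FilePath $File.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Heuristic (assumption): the first word of the claimed company name
    # should appear somewhere in the signer certificate's subject.
    $claimed = "$($info.CompanyName)".Trim()
    $token   = ($claimed -split '\s+')[0]
    $signerMatches = $token -and $signer -and
        ($signer.IndexOf($token, [StringComparison]::OrdinalIgnoreCase) -ge 0)

    $verdict =
        if (-not $claimed)              { 'NoVendorClaim' }          # nothing to compare
        elseif ($sig.Status -ne 'Valid') { 'VendorClaimNotSigned' }   # metadata only, no valid signature
        elseif (-not $signerMatches)    { 'SignerMismatch' }         # signed by someone else
        else                            { 'Consistent' }

    [pscustomobject]@{
        Path            = $File.FullName
        ClaimedCompany  = $claimed
        Description     = $info.FileDescription
        SignatureStatus = $sig.Status
        Signer          = $signer
        Verdict         = $verdict
    }
}

# Review everything except files whose claim and signature agree.
Get-ChildItem -Path $ScanPath -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Test-VendorClaim -File $_ } |
    Where-Object { $_.Verdict -ne 'Consistent' } |
    Sort-Object Verdict, Path |
    Format-Table Verdict, ClaimedCompany, SignatureStatus, Path -AutoSize
```

A `VendorClaimNotSigned` or `SignerMismatch` result is a reason to look closer, not proof of malware, since some legitimate software ships unsigned or is signed under a different legal entity name.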
After being deployed on a victim’s system, MosaicLoader downloads additional malware ranging from cryptocurrency miners and cookie stealers to Remote Access Trojans (RATs) and backdoors using “a complex chain of processes.”
To add to the danger of getting your system infected with MosaicLoader, the threat actors (or their clients) can harvest sensitive information such as credentials from compromised systems using RATs and similar malware with data theft capabilities.
The stolen information can later be used to hijack victims’ online accounts and use the gained access in identity theft scams or blackmail scams.
Bitdefender collected and analyzed several malware samples delivered by MosaicLoader via a malware sprayer that downloads further payloads from attacker-controlled domains hosting lists of URLs hosting malware (some of them are listed in the table embedded below).
“One of the best ways to defend against MosaicLoader is to avoid downloading cracked software from any source,” Szeles concluded.
“Apart from being against the law, cybercriminals look to target and exploit users searching for illegal software.”
Additional technical information and indicators of compromise, including malware hashes and command-and-control infrastructure information, can be found at the end of Bitdefender’s whitepaper.