Cybercriminals are continuing to prey on users searching for cracked software by directing them to fraudulent websites hosting weaponized installers that deploy malware known as NullMixer on compromised systems.
"When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine," cybersecurity firm Kaspersky said in a Monday report. "It drops a wide variety of malicious binaries to infect the machine with, such as backdoors, bankers, downloaders, spyware, and many others."
Aside from siphoning users' credentials, address, credit card data, cryptocurrencies, and even Facebook and Amazon account session cookies, what makes NullMixer insidious is its ability to download dozens of trojans at once, significantly widening the scale of the infections.
Attack chains typically begin when a user attempts to download cracked software from one of the sites, which leads to a password-protected archive containing an executable file that, in turn, drops and launches a second installer binary designed to deliver an array of malicious files.
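What that two-stage chain looks like in host telemetry is worth making concrete for defenders. The following Python script is an added example written for this edit, not code from Kaspersky or from the report; the process-creation events it parses are constructed, not real NullMixer samples, and the path markers it treats as "user-writable" are an assumption. It hunts for the behaviour the text describes: an executable launched from a download or temp location whose child process fans out into many distinct new binaries within a short window, while ignoring legitimate software that merely spawns copies of itself.

```python
"""Hunt for a NullMixer-style two-stage dropper in process-creation events.

Heuristic: a process running from a user-writable path that launches many
*distinct* executables from user-writable paths within a short window.
Distinct image names are counted so browsers spawning copies of themselves
are not flagged.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Path fragments treated as user-writable (an assumption for this example).
USER_WRITABLE_MARKERS = ("/users/", "/downloads/", "/appdata/", "/temp/")

# Constructed sample events (not real telemetry): explorer.exe (pid 50) is the
# shell; setup.exe is the installer from the archive; setup.tmp is the second
# stage it drops; a1.exe .. h8.exe are the payloads it launches. tool.exe
# spawning copies of itself is a benign control that must not be flagged.
SAMPLE_EVENTS = r"""
{"ts":"2022-09-26T10:00:00","pid":50,"ppid":1,"image":"C:\\Windows\\explorer.exe"}
{"ts":"2022-09-26T10:00:02","pid":100,"ppid":50,"image":"C:\\Program Files\\7-Zip\\7zG.exe"}
{"ts":"2022-09-26T10:00:05","pid":200,"ppid":50,"image":"C:\\Users\\alice\\Downloads\\crack\\setup.exe"}
{"ts":"2022-09-26T10:00:06","pid":201,"ppid":200,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\is-4F2A.tmp\\setup.tmp"}
{"ts":"2022-09-26T10:00:08","pid":202,"ppid":201,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\a1.exe"}
{"ts":"2022-09-26T10:00:09","pid":203,"ppid":201,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\b2.exe"}
{"ts":"2022-09-26T10:00:10","pid":204,"ppid":201,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\c3.exe"}
{"ts":"2022-09-26T10:00:11","pid":205,"ppid":201,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\d4.exe"}
{"ts":"2022-09-26T10:00:12","pid":206,"ppid":201,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\e5.exe"}
{"ts":"2022-09-26T10:00:14","pid":207,"ppid":201,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\f6.exe"}
{"ts":"2022-09-26T10:00:17","pid":208,"ppid":201,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\g7.exe"}
{"ts":"2022-09-26T10:00:20","pid":209,"ppid":201,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\h8.exe"}
{"ts":"2022-09-26T10:05:00","pid":400,"ppid":50,"image":"C:\\Users\\alice\\Downloads\\tool.exe"}
{"ts":"2022-09-26T10:05:01","pid":401,"ppid":400,"image":"C:\\Users\\alice\\Downloads\\tool.exe"}
{"ts":"2022-09-26T10:05:02","pid":402,"ppid":400,"image":"C:\\Users\\alice\\Downloads\\tool.exe"}
{"ts":"2022-09-26T10:05:03","pid":403,"ppid":400,"image":"C:\\Users\\alice\\Downloads\\tool.exe"}
{"ts":"2022-09-26T10:05:04","pid":404,"ppid":400,"image":"C:\\Users\\alice\\Downloads\\tool.exe"}
{"ts":"2022-09-26T10:05:05","pid":405,"ppid":400,"image":"C:\\Users\\alice\\Downloads\\tool.exe"}
"""


def _norm(image):
    return image.replace("\\", "/").lower()


def in_user_writable_path(image):
    p = _norm(image)
    return any(m in p for m in USER_WRITABLE_MARKERS) and not p.startswith("c:/windows/")


def parse_events(text):
    """Parse one JSON object per line into dicts with a datetime 'ts'."""
    events = []
    for line in text.strip().splitlines():
        e = json.loads(line)
        e["ts"] = datetime.fromisoformat(e["ts"])
        events.append(e)
    return events


def find_fanout_droppers(events, min_children=5, window=timedelta(seconds=60)):
    """Return parents in user-writable paths that launch at least
    min_children distinct executables from user-writable paths within window."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)
    hits = []
    for ppid, kids in children.items():
        parent = by_pid.get(ppid)
        if parent is None or not in_user_writable_path(parent["image"]):
            continue
        kids = sorted((k for k in kids if in_user_writable_path(k["image"])),
                      key=lambda k: k["ts"])
        best = 0
        for i, latest in enumerate(kids):
            # distinct image names among children started in the window ending at `latest`
            names = {_norm(k["image"]).rsplit("/", 1)[-1]
                     for k in kids[: i + 1] if latest["ts"] - k["ts"] <= window}
            best = max(best, len(names))
        if best >= min_children:
            hits.append({"pid": ppid, "image": parent["image"], "distinct_children": best})
    return hits


def process_chain(events, pid):
    """Follow ppid links upward; return the ancestry as image paths, root first."""
    by_pid = {e["pid"]: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return chain[::-1]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for hit in find_fanout_droppers(evs):
        print(hit["distinct_children"], "distinct children launched by", hit["image"])
        print("  chain:", " -> ".join(process_chain(evs, hit["pid"])))
```

On the constructed data only the second-stage binary (pid 201) is flagged: it launches eight distinct executables from Temp within a minute, and the reconstructed chain shows it was itself started by the installer the user ran from Downloads. The installer has a single child, and the benign portable tool is not flagged even at a low threshold because all of its children share one image name. Thresholds and path markers need tuning per environment; the point is to alert on the fan-out of distinct new binaries rather than on any single payload family.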
These malicious sites use search engine optimization (SEO) poisoning techniques such as keyword stuffing to rank highly in search engine results. Similar tactics have been adopted by the actors behind the GootLoader and SolarMarker campaigns.
NullMixer was last month linked to the distribution of a rogue Google Chrome extension called FB Stealer, which is capable of Facebook credential theft and search engine replacement.
Some of the other prominent malware families distributed by the dropper include DanaBot and a raft of information-stealing malware such as ColdStealer, PseudoManuscrypt, Raccoon Stealer, Redline Stealer, and Vidar.
Also deployed using NullMixer are trojan downloaders like FormatLoader, GCleaner, LegionLoader (aka Satacom), LgoogLoader, PrivateLoader, SgnitLoader, ShortLoader, and SmokeLoader, as well as the C-Joker cryptocurrency wallet stealer.
Kaspersky said it blocked attempts to infect more than 47,778 victims worldwide, with a majority of the users located in Brazil, India, Russia, Italy, Germany, France, Egypt, Turkey, and the U.S. The threat actor operating NullMixer has not been attributed to a known group.
The latest findings are yet another sign that malware and unwanted apps are increasingly being propagated via pirated software. Given the stealers bundled with NullMixer, users are also advised to check their online accounts regularly for unfamiliar transactions.
"Any download of files from untrustworthy resources is a real game of roulette: you never know when it will fire, and which threat you will get this time," Kaspersky researcher Haim Zigel said. "Getting NullMixer, users get several threats at once."
Some parts of this article are sourced from:
thehackernews.com