Cybercriminals are continuing to prey on users searching for cracked software by directing them to fraudulent websites hosting weaponized installers that deploy malware called NullMixer on compromised systems.
“When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine,” cybersecurity company Kaspersky said in a Monday report. “It drops a wide variety of malicious binaries to infect the machine with, such as backdoors, bankers, downloaders, spyware, and many others.”
Besides siphoning users’ credentials, addresses, credit card data, cryptocurrencies, and even Facebook and Amazon account session cookies, what makes NullMixer insidious is its ability to download dozens of trojans at once, significantly widening the scale of the infections.
Attack chains typically begin when a user attempts to download cracked software from one of the sites, which leads to a password-protected archive containing an executable file that, in turn, drops and launches a second setup binary designed to deliver an array of malicious files.
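The chain above has a shape a defender can hunt for without any sample-specific indicator: an executable launched from a download location spawns a second installer, which then launches many distinct executables from user-writable directories within a short window. The following is an added example of that fan-out heuristic, written for this page and not taken from the Kaspersky report or from NullMixer itself. The process-creation events are constructed, Sysmon-like tuples (time, pid, ppid, image path), and the path markers, window and threshold are assumptions that a real deployment would tune.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation events (utc time, pid, ppid, image path).
# This is a Sysmon-like subset invented for the example, not report data.
SAMPLE_EVENTS = [
    ("2022-09-26T10:00:00", 100, 1,   r"C:\Windows\explorer.exe"),
    ("2022-09-26T10:00:05", 200, 100, r"C:\Users\u\Downloads\crack\setup.exe"),
    ("2022-09-26T10:00:08", 300, 200, r"C:\Users\u\AppData\Local\Temp\setup_installer.exe"),
    ("2022-09-26T10:00:09", 301, 300, r"C:\Users\u\AppData\Local\Temp\is-01\loader_a.exe"),
    ("2022-09-26T10:00:10", 302, 300, r"C:\Users\u\AppData\Local\Temp\is-01\loader_b.exe"),
    ("2022-09-26T10:00:11", 303, 300, r"C:\Users\u\AppData\Local\Temp\is-01\stealer_c.exe"),
    ("2022-09-26T10:00:12", 304, 300, r"C:\Users\u\AppData\Local\Temp\is-01\stealer_d.exe"),
    ("2022-09-26T10:00:13", 305, 300, r"C:\Users\u\AppData\Local\Temp\is-01\miner_e.exe"),
    ("2022-09-26T10:00:14", 306, 301, r"C:\Users\u\AppData\Roaming\svc_f.exe"),
    ("2022-09-26T10:00:30", 307, 302, r"C:\Windows\System32\cmd.exe"),
    # Benign activity from the same desktop session, must not be flagged.
    ("2022-09-26T10:02:00", 400, 100, r"C:\Program Files\Notepad++\notepad++.exe"),
    ("2022-09-26T10:02:01", 401, 400, r"C:\Windows\System32\conhost.exe"),
]

# Assumed markers for directories an unprivileged user can write to.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\temp\\")
WINDOW = timedelta(seconds=120)       # assumed: payloads must start within 2 min of the root
MIN_DISTINCT_PAYLOADS = 5             # assumed: fewer than this is ordinary installer behaviour


def is_user_writable(image):
    """True if the image path sits under a user-writable directory."""
    p = image.lower()
    return any(m in p for m in USER_WRITABLE_MARKERS)


def find_fanout_roots(events, window=WINDOW, min_payloads=MIN_DISTINCT_PAYLOADS):
    """Return [(pid, image, n_payloads)] for the outermost user-writable processes
    whose descendants launch >= min_payloads distinct executables from user-writable
    paths within `window` of the root process's own start time."""
    start, image, parent = {}, {}, {}
    children = defaultdict(list)
    for ts, pid, ppid, img in events:
        start[pid] = datetime.fromisoformat(ts)
        image[pid] = img
        parent[pid] = ppid
        children[ppid].append(pid)

    def descendants(pid):
        # Iterative walk of the process tree below pid.
        stack, out = list(children[pid]), []
        while stack:
            child = stack.pop()
            out.append(child)
            stack.extend(children[child])
        return out

    flagged = {}
    for pid, img in image.items():
        if not is_user_writable(img):
            continue  # only consider roots that were themselves dropped/downloaded
        payloads = {
            image[d].lower()
            for d in descendants(pid)
            if is_user_writable(image[d]) and start[d] - start[pid] <= window
        }
        if len(payloads) >= min_payloads:
            flagged[pid] = len(payloads)

    # Collapse nested hits (installer -> second-stage installer) to the chain root.
    return sorted(
        (pid, image[pid], n) for pid, n in flagged.items() if parent[pid] not in flagged
    )


if __name__ == "__main__":
    for pid, img, n in find_fanout_roots(SAMPLE_EVENTS):
        print(f"fan-out root pid={pid} image={img} distinct_payloads={n}")
```

On the constructed sample the only reported root is `setup.exe` (pid 200), because the second-stage installer it launched is collapsed into it; the Notepad++ launch in the same session is ignored since it neither runs from a user-writable path nor spawns payloads. Thresholds need tuning per environment: legitimate installers also unpack helpers into `%TEMP%`, so the window and payload count are the knobs that separate an ordinary setup from a dozen droppers firing at once.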
These malicious websites use search engine optimization (SEO) poisoning techniques such as keyword stuffing to rank highly in search engine results. Similar tactics have been adopted by the actors behind the GootLoader and SolarMarker campaigns.
Last month, NullMixer was linked to the distribution of a rogue Google Chrome extension called FB Stealer, which is capable of Facebook credential theft and search engine substitution.
Some of the other prominent malware families distributed by the dropper include DanaBot and a raft of information-stealing malware such as ColdStealer, PseudoManuscrypt, Raccoon Stealer, Redline Stealer, and Vidar.
Also deployed using NullMixer are trojan downloaders like FormatLoader, GCleaner, LegionLoader (aka Satacom), LgoogLoader, PrivateLoader, SgnitLoader, ShortLoader, and SmokeLoader, as well as the C-Joker cryptocurrency wallet stealer.
Kaspersky said it blocked attempts to infect more than 47,778 victims worldwide, with a majority of the users located in Brazil, India, Russia, Italy, Germany, France, Egypt, Turkey, and the U.S. The threat actor operating NullMixer has not been attributed to a known group.
The latest findings are yet another indication that malware and unwanted applications are increasingly being propagated via pirated software. Users are also advised to check their online accounts regularly for unknown transactions.
“Any download of files from untrustworthy resources is a real game of roulette: you never know when it’s going to fire, and which threat you’re going to get this time,” Kaspersky researcher Haim Zigel said. “Receiving NullMixer, users get several threats at once.”