Bitdefender discovers new malware family "MosaicLoader" Cyber criminals book prominent spots for online ads to distribute malware droppers. Download a wide variety of malware - from cryptomining to exfiltration of data to protect identities.
The "MosaicLoader" attacks discovered by Bitdefender Labs target people who search for and download cracked software. As soon as their device is infected, the malware acts as a dropper for other malicious tools - from cookie stealers and cryptominers to complex Trojans.
MosaicLoader: malware family with a high potential for damage
Bitdefender has named this malware family with high malicious potential "MosaicLoader". It owes its name to its complex internal structure, which aims to confuse malware analysts through obfuscation techniques. Code is broken down into small pieces, execution commands mixed up. The malware performs extensive mathematical operations with high values: Reverse engineering is made more difficult and executable code is hidden in a large number of numbers that give the impression of useful data. Fortinet's security analysts had recently discovered similar techniques.
Marketing malware online
In order to spread the malware, the cyber criminals actively buy prominent advertising space on search engines. So they place their links to the malicious dropper as top results for the users searching for illegally broken software. The downloaders disguise themselves with their icons and signature information.
Online identity risk
Malware and its functions, which can be obtained via MosaicLoader (Image: Bitdefender).
Once infected, MosaicLoader acts as a dropper for any malware, from cookie stealers and cryptominers to complex Trojans such as the Glupteba backdoor.
MosaicLoader can also compromise users' private identities. The malware sprayer can run various programs to steal Facebook cookies on the attacked system, which exfiltrate login data. This allows Facebook accounts to be illegally taken over professionally: Post in the name of the victim then endangers their reputation or spreads malware. The tool also distributes remote access Trojans that log victim keystrokes, listen to audio spoken into the microphone, and take screenshots. This private information can also be used to take over customer accounts, steal digital identities or even blackmail victims.
Global campaign
The campaign is widespread around the world (Fig. 2) and does not seem to target specific countries, organizations or market sectors. Most likely, PCs are the hardest hit. In general, it is advisable for users not to download any broken software. Not only is this illegal, it is also very dangerous as you can never be sure that the downloaded version does not contain malware placed by cyber criminals. Also, every user should check the source domain of every single download to make sure the data is legitimate. Updated antimalware offers the best possible protection at any given time.
More at Bitdefender.com
About Bitdefender Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently ensured excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de