A new malware for Windows, called MosaicLoader, is spreading around the world, as a malware delivery platform used to infect victims’ computers with remote access Trojans (RAT) and other malware and steal Facebook cookies.
Bitdefender researchers have warned Windows users about the malware, who found that this malware spread through paid ads in search results, targeting people searching for pirated software and games. The malware is disguised in a pirated software installation program that victims download without knowing that it will infect their devices with a downloader that can then be downloaded by any other malware.
“The attackers behind MosaicLoader have created malware that can deliver any malware to the system, making it potentially profitable as a delivery service,” explained Bitdefender researchers who analyzed the malware. MosaicLoader downloads other malware from an attacker-controlled server that receives a list of URLs and then downloads other malware from these links. Some of them steal Facebook cookies which allows attackers to steal login account data and retrieve victims ’Facebook accounts which are then used for posts through which the malware spreads or which can damage the user’s reputation.
MosaicLoader also spreads Glupteba backdoors and RATs used to spy on victims. Other perceived threats are cryptocurrency miners.
Malware is otherwise called MosaicLoader because of its sophisticated internal structure, which is such that it should prevent reverse engineering and analysis.
Attacks involving MosaicLoader rely on a well-known malware delivery tactic – “search engine optimization (SEO) poisoning”, in which cybercriminals buy ad slots in search results to make their links appear at the top of the search when users search for terms related to pirated software .
After an infection, the malware adds two downloaded zip files to the list of exceptions in Windows Defender, to prevent Microsoft antivirus scans.
The best way to defend against MosaicLoader is to avoid downloading pirated software from any site. Apart from being illegal, while you are looking for pirated software cyber criminals are looking for you, and that encounter could cost you much more than legal software.
Source: Informacija.rs by www.informacija.rs.
*The article has been translated based on the content of Informacija.rs by www.informacija.rs. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!