Security researchers at Bitdefender have discovered a global campaign distributing a new malware strain called MosaicLoader. The malware is advertised as cracked software in search engine results and infects users who try to download pirated software.
MosaicLoader is essentially a malware downloader, designed by its creators to deploy additional second-stage malicious payloads on infected systems.
"We named it MosaicLoader because of its intricate internal structure, which aims to confuse malware analysts and prevent reverse-engineering," revealed Janos Gergo Szeles, Senior Security Researcher at Bitdefender.
In its investigation, Bitdefender found that the criminals behind MosaicLoader use a variety of tactics to thwart analysis by investigators, including:
- File information that imitates legitimate software
- Code obfuscation
- A payload delivery mechanism that infects the victim with various malware strains
The researcher said that the campaign does not target a specific region. Through search-engine advertising it attracts and infects users who want to download and install cracked software.
Attackers disguise the droppers as executables belonging to legitimate software, using similar icons and file information, such as company names and descriptions, so that they pass superficial checks.
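The file information the droppers copy (company name, description, icon) is free text that any build tool can set, so it proves nothing about who produced the binary. What a legitimately released vendor executable normally carries, and an impostor usually lacks, is an Authenticode signature, recorded in the PE header's certificate table. The following added example (not Bitdefender's code, and not from their report) parses that header field with only the Python standard library so a responder can triage a suspicious download offline; the sample PE images it builds are constructed headers, not real programs, and the `claimed_company` argument stands in for a version-info string extracted by other tooling.

```python
"""Triage helper: does a Windows PE file carry an Authenticode certificate table?

Added example, not Bitdefender's code. Version-info strings (CompanyName,
FileDescription) are attacker-controlled, so they cannot be trusted on their
own. Data directory entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) is where a signed
binary stores its certificate table. Absence of that table on a file claiming a
well-known vendor is a cheap triage signal; presence alone is not proof, the
signature still has to be validated (signtool / Get-AuthenticodeSignature).
"""
import struct

SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def security_directory(data: bytes):
    """Return (file_offset, size) of the certificate table, or None if absent.

    Raises ValueError when the input is not a well-formed PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # 20-byte COFF file header
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                           # optional header starts here
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dir_base = opt + 96                   # data directories in PE32
    elif magic == PE32PLUS_MAGIC:
        dir_base = opt + 112                  # data directories in PE32+
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    num_dirs = struct.unpack_from("<I", data, dir_base - 4)[0]
    # Tolerate images that declare fewer directories than the security entry.
    if num_dirs <= SECURITY_DIR_INDEX or dir_base + 8 * num_dirs > opt + size_of_optional:
        return None
    # For the security directory the first field is a raw file offset, not an RVA.
    offset, size = struct.unpack_from("<II", data, dir_base + 8 * SECURITY_DIR_INDEX)
    if offset == 0 or size == 0:
        return None
    if offset + size > len(data):
        raise ValueError("certificate table points outside the file")
    return offset, size


def triage_verdict(data: bytes, claimed_company: str) -> str:
    """Defender triage: claimed vendor strings without a certificate table
    deserve a closer look; with one, the signer must still be validated."""
    sec = security_directory(data)
    if sec is None:
        return f"UNSIGNED: version info claims '{claimed_company}' but no certificate table is present"
    return f"HAS_CERT_TABLE: {sec[1]} bytes at 0x{sec[0]:x}; validate chain and compare signer to '{claimed_company}'"


def build_minimal_pe(with_signature: bool) -> bytes:
    """Constructed sample: a headers-only PE32 image (not an executable program)."""
    num_dirs = 16
    opt_size = 96 + num_dirs * 8
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x0102)
    header_len = 0x40 + 4 + 20 + opt_size
    cert_blob = b"CONSTRUCTED-WIN_CERTIFICATE-PLACEHOLDER"  # stands in for a real table
    directories = [(0, 0)] * num_dirs
    if with_signature:
        directories[SECURITY_DIR_INDEX] = (header_len, len(cert_blob))
    optional = struct.pack("<H", PE32_MAGIC) + b"\0" * 90 + struct.pack("<I", num_dirs)
    optional += b"".join(struct.pack("<II", off, size) for off, size in directories)
    image = dos + b"PE\0\0" + coff + optional
    return image + cert_blob if with_signature else image


if __name__ == "__main__":
    # Constructed inputs: a file that merely claims a vendor, and one carrying a table.
    print(triage_verdict(build_minimal_pe(False), "Example Vendor Ltd (claimed)"))
    print(triage_verdict(build_minimal_pe(True), "Example Vendor Ltd (claimed)"))
```

Run it against a real download by replacing the constructed images with `open(path, "rb").read()`; a result of `UNSIGNED` for a file whose properties dialog names a major vendor is exactly the mismatch that the lookalike droppers described above rely on nobody checking. For the signed case, validation of the chain and a comparison of the signer's subject with the claimed company still has to happen with a proper tool; this script only tells you whether there is anything to validate.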
Once installed on a victim's system, MosaicLoader downloads additional malware, which can range from cryptominers to cookie stealers, Remote Access Trojans (RATs) and backdoors.
In addition, MosaicLoader gives its operators the ability to collect sensitive information such as credentials.
The stolen information could later be used to breach victims' accounts and commit other scams.
Bitdefender has collected and analyzed multiple samples of malware delivered by MosaicLoader.
"The best way to protect yourself from MosaicLoader is to avoid getting cracked software from any source," concluded Szeles.
"Criminals try to target and exploit users looking for illegal software."
Additional technical information can be found in Bitdefender's report.
Source: Bleeping Computer