MosaicLoader malware: It is presented as cracked software and infects victims

Security researchers at Bitdefender discovered a global campaign promoting a new malware called MosaicLoader. The malware is advertised as cracked software in search engine results and infects users who try to download pirated software.

MosaicLoader is essentially a malware downloader designed by its creators to deliver additional second-stage malicious payloads to infected systems.

"We named it MosaicLoader because of its intricate internal structure, which aims to confuse malware analysts and prevent reverse-engineering," said Janos Gergo Szeles, Senior Security Researcher at Bitdefender.

In its investigation, Bitdefender found that the criminals behind MosaicLoader used a variety of tactics to thwart malware analysis efforts by investigators. Some of them include:

  • Mimicking the file information of legitimate software
  • Code obfuscation
  • A payload delivery mechanism that infects the victim with various malware

The researcher said that the campaign does not target a specific region. Through advertising in search engine results, it attracts and infects users who want to download and install cracked software.

Attackers disguise the droppers as executables belonging to legitimate software, using similar icons and information such as company names and descriptions. This lets them pass a superficial inspection.
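Company names and descriptions in an executable's version resource are free text that anyone can set, while an Authenticode signature is not. The following triage check is an added example, not taken from Bitdefender's report or from this article; the `$ScanPath` default and the function name `Test-PublisherClaim` are assumptions. It lists executables whose claimed company is not backed by a valid signature from a matching signer.

```powershell
# Added example: flag .exe files whose version-resource "company" claim is
# not backed by a valid Authenticode signature from a matching signer.
# $ScanPath is an assumption; point it at the folder you want to review.
param(
    [string]$ScanPath = "$env:USERPROFILE\Downloads"
)

function Test-PublisherClaim {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    $info    = $File.VersionInfo   # self-declared metadata (CompanyName, FileDescription)
    $sig     = Get-AuthenticodeSignature -LiteralPath $File.FullName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $claimed = "$($info.CompanyName)".Trim()

    # A hit is a lead for manual review, not a verdict: legitimate vendors
    # sometimes ship unsigned tools or sign under a different legal name.
    $finding = if ($sig.Status -ne 'Valid') {
        "signature status: $($sig.Status)"
    }
    elseif ($claimed -and
            $subject.IndexOf($claimed, [StringComparison]::OrdinalIgnoreCase) -lt 0) {
        'signer subject does not contain the claimed company name'
    }
    else { $null }

    [pscustomobject]@{
        File            = $File.FullName
        ClaimedCompany  = $claimed
        Description     = $info.FileDescription
        SignatureStatus = $sig.Status
        Signer          = $subject
        Finding         = $finding
    }
}

# Report only files where the metadata claim is not backed by the signature.
Get-ChildItem -LiteralPath $ScanPath -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Test-PublisherClaim -File $_ } |
    Where-Object Finding |
    Format-List
```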

Once installed on a victim's system, MosaicLoader downloads additional malware, which may range from cryptomining malware to cookie stealers, Remote Access Trojans (RATs) and backdoors.

In addition, MosaicLoader gives its creators the ability to collect sensitive information such as credentials.

The stolen information could later be used to breach victims' accounts and commit other scams.

Bitdefender has collected and analyzed multiple samples of malware delivered by MosaicLoader.

"The best way to protect yourself from MosaicLoader is to avoid getting cracked software from any source," concluded Szeles.

"Criminals try to target and exploit users looking for illegal software."

Additional technical information can be found in Bitdefender's report.

Source: Bleeping Computer
