Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

New MosaicLoader malware targets software pirates via online ads

https://open.spotify.com/show/3Gmj15x6cGrgJEzmGnDTTj?go=1&utm_source=embed_v3&t=0&nd=1

New MosaicLoader malware targets software pirates via online ads

An ongoing worldwide campaign is pushing new malware dubbed MosaicLoader advertising camouflaged as cracked software via search engine results to infect wannabe software pirates’ systems.

MosaicLoader is a malware downloader designed by its creators to deploy more second-stage payloads on infected systems, as Bitdefender researchers revealed in a report published today and shared with BleepingComputer last week.

“We named it MosaicLoader because of the intricate internal structure that aims to confuse  malware analysts and prevent reverse-engineering,” Janos Gergo Szeles, Senior Security Researcher at Bitdefender, revealed.

Also Read: ZDon’t Be Baited! 5 Signs of Phishing in Email

During their investigation, Bitdefender found that MosaicLoader threat actors used the following tactics to hinder researchers’ malware analysis efforts and to increase their attacks’ rate of success:

  • Mimicking file information that is similar to legitimate software
  • Code obfuscation with small chunks and shuffled execution order
  • Payload delivery mechanism infecting the victim with several malware strains

The researcher added that the campaign doesn’t target a specific region. Due to its online advertising lures, it will attempt to infect any search engine users looking to download and install cracked software installers on their devices.

MosaicLoader campaign distribution
MosaicLoader campaign distribution (Bitdefender)

The attackers are camouflaging their droppers as executables belonging to legitimate software, using similar icons and including info such as company names and descriptions within the files’ metadata info to pass superficial scrutiny.

After being deployed on a victim’s system, MosaicLoader downloads additional malware ranging from cryptocurrency miners and cookie stealers to Remote Access Trojans (RATs) and backdoors using “a complex chain of processes.”

To add to the danger of getting your system infected with MosaicLoader, the threat actors (or their clients) can harvest sensitive info such as credentials from compromised systems using RATs and similar malware with data theft capabilities.

The stolen info can later be used to hijack victims’ online accounts and use the gained access in identity theft scams or blackmail scams.

Bitdefender collected and analyzed multiple malware samples delivered by MosaicLoader via a malware sprayer that downloads further payloads from attacker-controlled domains hosting lists of URLs hosting malware (some of them are listed in the table embedded below).

Malware delivered by MosaicLoader
Malware delivered by MosaicLoader (Bitdefender)

“The best way to defend against MosaicLoader is to avoid downloading cracked software from any source,” Szeles concluded.

“Besides being against the law, cybercriminals look to target and exploit users searching for illegal software.”

Additional technical info and indicators of compromise, including malware hashes and command-and-control infrastructure info, can be found at the end of Bitdefender’s whitepaper.

Also Read: 4 Reasons to Outsource Penetration Testing Services

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us