A global operation has been identified that uses unlicensed software to spread a new malware called MosaicLoader. The name is derived from the malware's internal structure, which confuses malware analysts and makes reverse engineering difficult.
The Discovery
MosaicLoader is used to distribute second-stage payloads on infected computers, according to a report by researchers.
- The attackers try to infect people who are attempting to download pirated software from search engine results.
- Using identical images and adding corporate names and descriptions to file metadata, the attackers imitated genuine applications.
- To evade detection, the attackers obfuscated the code in small chunks, used unpredictable execution sequences, and chose delivery strategies that infect victims with many malware strains.
- The campaign is not focused on a specific region. It seeks to target visitors of any search engine who are looking for cracked software installers from anywhere on the planet.
Additionally,
Once a system is infected, MosaicLoader collects data from it, including passwords, using RATs and malware capable of data theft.
- MosaicLoader uses a sophisticated attack chain to download other malware such as bitcoin miners, cookie stealers, RATs, and backdoors after it is installed on a targeted system.
- Furthermore, attackers might use this stolen information in future attacks to hijack victims’ internet accounts, commit identity theft fraud, or engage in blackmail schemes.
Threats like MosaicLoader not only carry out destructive operations, but they also spread other deadly software to victim computers. Avoiding pirated software is one of the most commonly recommended ways to keep such threats from being downloaded onto users’ systems.