Cybersecurity researchers have detected a new strain of malware that can download a variety of threats, but is interestingly delivered
through paid online adverts in search results.
Named MosaicLoader by the Bitdefender researchers who first ran into it, the malware is designed to infect devices of users looking
for cracked software.
“Systems infected with this malware become part of the network of machines that attackers can further infect with any piece of
malware they want. During our analysis, we observed that the payloads delivered by the second stage are malware sprayers that
download and run many other malicious files,” the researchers note in their analysis.
Once installed, the malware creates a complex chain of processes in its attempts to download additional threats, which could range
from simple cookie stealers, and cryptocurrency miners to fully-fledged backdoors such as Glupteba.
Capitalizing on software piracy
Bitdefender shares that adverts bearing links to the malware appear at the top of search results for users searching for cracked
versions of popular proprietary software.
“Most likely, attackers are purchasing adverts with downstream ad networks – small ad networks that funnel ad traffic to larger and
larger providers. They usually do this over the weekend when manual ad vetting is impacted by the limited staff on call,” Bogdan
Botezatu, director of threat research and reporting at Bitdefender briefed ZDNet.
Bitdefender says that the campaign has no specific target countries or organizations, and indiscriminately delivers its payloads to
users looking for cracked software.
Believed to be the handiwork of a new cyberthreat group, Bitdefender thinks the malware’s current form of distribution will itself
keep it away from users who don’t go out looking for cracked software on the Internet.
credit : techradar.com
