This evil dropper infects you with a dozen malware strains at the same time

Scott Marlette

2 years ago

Cybercriminals have been observed using SEO poisoning to distribute a new malware loader which tries to infect the target endpoint (opens in new tab) with a dozen malware families.

Researchers from Kaspersky discovered that for many people, typing the keyword “software crack” into Google brings up multiple websites distributing this new malware loader, some of which have even made it to the famed first page of the search results. The loader in question is called “NullMixer”, and is designed for the Windows operating system and apparently, it installs all kinds of password stealers, viruses, backdoors, banking trojans, crypto miners, you name it. The only thing seemingly missing is ransomware.

Among the malware families installed this way are Redline Stealer, Danabot, Raccoon Stealer, Vidar Stealer, SmokeLoader, PrivateLoader, ColdStealer, Fabookie, PseudoManuscrypt, and others.

Baiting with cracks

The attackers chose “software crack” as their main keyword, researchers believe, due to the fact that people looking for cracks will usually ignore warnings coming from their antivirus programs and install the executable files anyway.

According to Kaspersky, NullMixer has so far tried to infect more than 47,000 endpoints protected by its security solutions. The victims were located all over the world, including the U.S., Germany, France, Italy, India, Russia, Brazil, Turkey, and Egypt.

The researchers were also baffled by the number of malware families being installed via NullMixer. It’s not exactly subtle. Devices that fall victim to this attack will become significantly slower, have windows popping up for no reason, and will showcase numerous other symptoms of infection. Kaspersky suspects that NullMixer could actually be a demonstration, showing other malware operators what it’s capable of doing, until one decides to use it for their own distribution efforts.

As things stand now, the best way to eliminate NullMixer from a compromised device is via a Windows reinstall.

Via: BleepingComputer (opens in new tab)

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.