Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed “MosaicLoader” that singles out individuals searching for cracked software as part of a global campaign.
“The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service,” Bitdefender researchers said in a report shared with The Hacker News. “The malware arrives on target systems by posing as cracked installers. It downloads a malware sprayer that obtains a list of URLs from the C2 server and downloads the payloads from the received links.”
Bitdefender found that MosaicLoader threat actors used the following tactics to hinder researchers’ malware analysis efforts and to increase their attacks’ rate of success:
- Mimicking file information that is similar to legitimate software
- Code obfuscation with small chunks and shuffled execution order
- Payload delivery mechanism infecting the victim with several malware strains
Besides being against the law, cybercriminals look to target and exploit users searching for illegal software.
Source: BleepingComputers | TheHackerNews
The best way to defend against MosaicLoader is to avoid downloading cracked software from any source