MosaicLoader malware targets software pirates

By Dylan Bushell-Embling
Thursday, 22 July, 2021

MosaicLoader malware targets software pirates

Bitdefender has discovered a new malware family capable of delivering any payload to an infected system that uses sophisticated methods to avoid detection and prevent reverse engineering by security researchers.

The malware, which Bitdefender has named MosaicLoader, appears to be delivered through paid ads in search results targeting users looking for cracked software.

The downloader malware adds local exclusions to Windows Defender for specific file names residing in a folder named \PublicGaming\.

Once planted on a system, the malware creates a complex chain of processes and downloads a malware sprayer that itself tries to download a variety of threats, ranging from simple cookie stealers and cryptocurrency miners to more complex threats such as the Glupteba Backdoor.

The process includes a number of methods aimed at confusing researchers, including heavy code obfuscation, the use of mathematical operations with large numbers to obtain values required by the program and a series of filler bytes designed to be skipped over in the code.

The attack campaign analysed by Bitdefender has no specific target countries or organisations, but a number of infections were identified in Australia, the company said.

Bitdefender added that the best way to defend against MosaicLoader is to simply avoid attempting to install pirated software.

Image credit: ©lollo/Dollar Photo Club

Related News

Uber interfered with privacy of 1.2 million Australians

The Office of Australian Information Commissioner (OAIC) has determined that Uber interfered with...

Phishing attacks: staff shortages leading to longer remediation times

More than half of IT professionals say under-resourcing is leading to longer phishing incident...

Cyber attacks of the future: weaponising OT environments to kill

Gartner predicts that by 2025 cyber attackers will have weaponised operational technology (OT)...

  • All content Copyright © 2021 Westwick-Farrow Pty Ltd