Bad actors target cracked software with new NullMixer Malware Campaign to steal users payment data and credentials on compromised systems.
Kaspersky said in a Monday report, “When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine. It drops a wide variety of malicious binaries to infect the machine with, such as backdoors, bankers, downloaders, spyware, and many others.”
Besides taking your passwords, personal information and credit card data, NullMixer is also capable of downloading dozens of trojans to infect our computer. The stolen data includes users’ credentials, address, credit card data, cryptocurrencies, and even Facebook and Amazon account session cookies.
Attack chains typically start when a user attempts to download cracked software. They are then infected with malicious files and password-protected archives, which contain exe files that drop and launch more malicious files.Other people are using search engine optimization (SEO) poisoning to influence search engine results for their website. These tactics have been used before by actors behind other cyberattacks, like GootLoader and SolarMarker campaigns.
NullMixer, last month, was linked to the distribution of a rogue Google Chrome extension. This extension is capable of stealing Facebook credentials and changing search engine results.The dropper also distributes a raft of information-stealing malware. These include DanaBot, ColdStealer, PseudoManuscrypt, Raccoon Stealer, Redline Stealer, and Vidar. These malware work by downloading malicious files onto your device such as FormatLoader, GCleaner, LegionLoader (aka Satacom), LgoogLoader, PrivateLoader, SgnitLoader, ShortLoader, and SmokeLoader, as well as the C-Joker cryptocurrency wallet stealer.
The majority of the victims are in Brazil, India, Russia, Italy, Germany, France, Egypt, Turkey, and the U.S. This particular threat actor is unidentified.According to the researchers malware and unwanted applications are increasingly being propagated via private software. Users are requested to check online accounts regularly for unknown transactions.
Kaspersky researcher Haim Zigel added, “Any download of files from untrustworthy resources is a real game of roulette: you never know when it will fire, and which threat you will get this time. Receiving NullMixer, users get several threats at once.”