Security researchers from Kaspersky have spotted a new series of campaigns centred on a malware tool they have named NullMixer.
According to an advisory published by the company earlier today, NullMixer spreads malware via malicious websites that can easily be found through popular search engines, including Google.
“These websites are often related to crack, keygen and activators for downloading software illegally, and while they may pretend to be legitimate software, they actually contain a malware dropper,” reads the advisory.
The researchers further explained that when users attempt to download software from one of these sites, they are redirected several times and eventually land on a page containing download instructions alongside a password-protected archive of malware posing as the desired software tool.
When a user extracts and executes NullMixer, however, the malicious software drops several malware files onto the compromised machine.
“These malware families may include backdoors, bankers, credential stealers and so on,” Kaspersky wrote. “For example, the following families are among those dropped by NullMixer: SmokeLoader/Smoke, LgoogLoader, Disbuk, RedLine, Fabookie, ColdStealer.”
At the time of writing, the security researchers said that in 2022 alone they had blocked attempts to infect more than 47,778 victims worldwide, located mainly across Brazil, India, Russia, Italy, Germany, France, Egypt, Turkey and the United States.
Kaspersky also clarified that it is currently unable to attribute NullMixer to any specific group or threat actor.
More generally, the cybersecurity company warned individuals against trying to save money by using unlicensed software.
“A single file downloaded from an unreliable source can lead to a large-scale infection of a computer system,” the company wrote.
Multiple malware families dropped by NullMixer are classified by the company and the wider security community as Trojan-Downloaders. This suggests that infections may not be limited to the malware families described in the report.
“Many of the other malware families mentioned here are stealers, and compromised credentials can be used for further attacks inside a local network.”
The report comes weeks after the FBI warned that cyber-criminals are increasingly hijacking home IP addresses to disguise credential-stuffing activity and improve their chances of success.