Security researchers at Kaspersky have observed a new cluster of campaigns built around a malware dropper they have named NullMixer.
According to an advisory published by the company earlier today, NullMixer is distributed through malicious websites that are easily found via popular search engines, including Google.
“These websites are often related to crack, keygen and activators for downloading software illegally, and while they may pretend to be legitimate software, they actually contain a malware dropper,” reads the advisory.
The researchers further explained that when users attempt to download software from one of these sites, they are redirected several times and eventually land on a page containing download instructions alongside a password-protected archive that holds the malware posing as the desired application.
When the user extracts and executes NullMixer, however, the dropper writes several further malware files to the compromised machine.
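The password-protected archive in the chain above is what keeps the dropper out of reach of search-engine, proxy and mail-gateway scanners: the payload cannot be inspected without the password. As an added example (this is not code from Kaspersky or from the report), the Python below shows the check a download proxy can still make without the password: every ZIP entry's general-purpose bit flag is stored in clear, and bit 0 marks the entry as encrypted, so an archive with encrypted entries can be quarantined or routed to manual review. The archive it inspects is constructed in memory, and the entry name `setup.exe` is an assumption.

```python
"""Flag password-protected ZIP archives the way a download gateway might.

Added example, not Kaspersky's code. The sample archive is constructed
in memory: a normal ZIP whose encryption flag is then set by hand,
because the standard library can read but not write encrypted ZIPs.
"""
import io
import struct
import zipfile

# Bit 0 of the general purpose bit flag (PKWARE APPNOTE 4.4.4) marks an
# encrypted entry. The flag lives in the local file header (offset 6) and
# in the central directory header (offset 8), both unencrypted.
ENCRYPTED_FLAG = 0x0001


def build_zip(name: str, payload: bytes, encrypted: bool) -> bytes:
    """Return ZIP bytes holding one entry, optionally marked as encrypted.

    Only the flag is patched; the payload stays in clear, which is enough
    for a header-level detector and avoids needing a real password."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    data = bytearray(buf.getvalue())
    if encrypted:
        lfh = 0                              # first (only) local file header
        cdh = data.rfind(b"PK\x01\x02")      # single central directory header
        for off in (lfh + 6, cdh + 8):
            (flags,) = struct.unpack_from("<H", data, off)
            struct.pack_into("<H", data, off, flags | ENCRYPTED_FLAG)
    return bytes(data)


def encrypted_entries(zip_bytes: bytes) -> list:
    """Names of entries whose header says they are password-protected.

    Entry names and flags sit in the central directory, which is never
    encrypted, so no password is needed for this check."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [zi.filename for zi in zf.infolist()
                if zi.flag_bits & ENCRYPTED_FLAG]


def verdict(zip_bytes: bytes) -> str:
    """Gateway decision: quarantine anything the scanner cannot open."""
    names = encrypted_entries(zip_bytes)
    if names:
        return "quarantine: password-protected entries " + ", ".join(names)
    return "pass: no encrypted entries"


if __name__ == "__main__":
    # Constructed sample: a fake installer, once plain and once "protected".
    fake_exe = b"MZ" + b"\x00" * 62          # assumed, not real malware
    print(verdict(build_zip("setup.exe", fake_exe, encrypted=False)))
    print(verdict(build_zip("setup.exe", fake_exe, encrypted=True)))
```

The check deliberately stops at the header: attempting to read an encrypted entry would fail, and guessing the password printed on the landing page is not something a gateway can do at scale. Entry names remain readable even when the data is encrypted, so the same pass can also note that an archive advertised as a "crack" carries an executable.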
“These malware families may include backdoors, bankers, credential stealers and so on,” Kaspersky wrote. “For example, the following families are among those dropped by NullMixer: SmokeLoader/Smoke, LgoogLoader, Disbuk, RedLine, Fabookie, ColdStealer.”
At the time of writing, the researchers said that in 2022 alone they had blocked attempts to infect more than 47,778 victims worldwide, located mainly in Brazil, India, Russia, Italy, Germany, France, Egypt, Turkey and the United States.
Kaspersky also clarified that it is currently unable to attribute NullMixer to any specific group or threat actor.
More generally, the cybersecurity company warned individuals against trying to save money by using unlicensed software.
“A single file downloaded from an unreliable source can lead to a large-scale infection of a computer system,” the company wrote.
Multiple malware families dropped by NullMixer are classified by the company and the wider security community as Trojan-Downloaders, which means infections may not be limited to the malware families described in the report.
“Many of the other malware families mentioned here are stealers, and compromised credentials can be used for further attacks inside a local network.”
The report comes weeks after the FBI warned that cyber-criminals are increasingly hijacking home IP addresses to conceal credential-stuffing activity and improve their chances of success.