The Hacker News reports that threat actors have been using cracked software to distribute the new NullMixer malware dropper, which could simultaneously deploy various trojans to enable credential, address, cryptocurrency, credit card data, and Facebook and Amazon cookie exfiltration.
Kaspersky researchers found that attacks spreading NullMixer begin when a victim downloads cracked software from a malicious site surfaced through search engine optimization (SEO) poisoning; the download is a password-protected archive containing an executable that, once run, delivers the malicious payloads.
The malicious Google Chrome extension FB Stealer and various information-stealing malware, such as ColdStealer, RedLine Stealer, Raccoon Stealer, Vidar, and PseudoManuscrypt, have been found to be spread by NullMixer.
The report also showed that NullMixer was used to deploy the GCleaner, PrivateLoader, LgoogLoader, FormatLoader, ShortLoader, SgnitLoader, LegionLoader, and SmokeLoader trojan downloaders. Meanwhile, more than 47,778 NullMixer infection attempts have been blocked by Kaspersky, but the malware dropper has not yet been attributed to a specific threat actor.
"Any download of files from untrustworthy resources is a real game of roulette: you never know when it will fire, and which threat you will get this time. Receiving NullMixer, users get several threats at once," said Kaspersky researcher Haim Zegel.
This week, Dr. Doug raves about: 'The Orgy of the Walking Dead' or Elon is controlling my brain, Schoolyard Bully, Redigo, DuckLogs, DoD alphabet soup, Sirius XM, pixel tracking, TSA, single sign-on rants, and more on the Security Weekly News!
Several adware, malware, and phishing apps masquerading as system optimizers and utilities have been downloaded more than two million times cumulatively from the Google Play Store, reports BleepingComputer.