A new malware threat is in the wild, targeting users looking for cracked or pirated software. Dubbed MosaicLoader, the malware exhibits diversified downloader capabilities to infect the target systems with its payload. An interesting feature of this malware is its ability to create exclusions in Windows Defender.
MosaicLoader Malware Active In The Wild
Researchers from Bitdefender have spotted a new malware running active campaigns globally. Identified as MosaicLoader, the malware serves as a dedicated payload loader with a complicated structure that makes reverse engineering difficult (hence receiving the name “Mosaic”).
Specifically, the threat actors behind this malware typically aim at users looking for cracked or pirated software copies. The researchers observed that the threat actors exploit paid ads in search engine results to trick users.
Once a potential victim lands on the malicious site and runs the bait download, MosaicLoader executes on the target system.
Initially, the malware creates exclusions in Windows Defender for legit-looking filenames, which lets it evade detection. For instance, the researchers found a malicious exclusion mimicking an NVIDIA process; because its digital signature had been revoked, it was confirmed that the process was in fact malware.
The researchers also noticed heavy obfuscation in the executable.
After the initial stage of the infection, the malware executes the second stage. Here, it drops another payload on the target device, which may be anything from cryptominers to sophisticated payloads such as the Glupteba backdoor. MosaicLoader also gains persistence via several executables.
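As an added defender's check, and not code from Bitdefender's report or from this article, the PowerShell script below lists the Defender path and process exclusions on a host and verifies the Authenticode signature of every excluded file, surfacing exactly the pattern described above (an exclusion for a legit-looking name whose signature is not valid). It assumes a Windows host with the Defender PowerShell module and an elevated prompt; the function name is my own.

```powershell
# Audit Windows Defender exclusions for entries that look like loader abuse.
# Assumes: Windows with the Defender module (Get-MpPreference) and an elevated shell.

function Get-SuspiciousDefenderExclusions {
    $prefs = Get-MpPreference
    $findings = @()

    # Path exclusions are full paths; process exclusions may be a bare name or a path.
    foreach ($entry in @($prefs.ExclusionPath) + @($prefs.ExclusionProcess)) {
        if ([string]::IsNullOrWhiteSpace($entry)) { continue }

        $finding = [PSCustomObject]@{
            Exclusion = $entry
            Exists    = Test-Path -LiteralPath $entry
            Signature = 'n/a'          # Valid, NotSigned, NotTrusted, UnknownError, ...
            Detail    = ''
            Signer    = ''
        }

        # Only a file on disk can be signature-checked; a directory or a bare
        # process name is still reported so an analyst can look at it.
        if ($finding.Exists -and (Test-Path -LiteralPath $entry -PathType Leaf)) {
            $sig = Get-AuthenticodeSignature -FilePath $entry
            $finding.Signature = $sig.Status.ToString()
            # A revoked signing certificate shows up as a non-Valid status; the
            # StatusMessage carries the reason reported by the trust check.
            $finding.Detail = $sig.StatusMessage
            if ($sig.SignerCertificate) { $finding.Signer = $sig.SignerCertificate.Subject }
        }
        $findings += $finding
    }
    return $findings
}

# Review anything whose signature is not Valid, or that is excluded but not present on disk.
Get-SuspiciousDefenderExclusions |
    Where-Object { $_.Signature -ne 'Valid' -or -not $_.Exists } |
    Format-Table Exclusion, Exists, Signature, Signer, Detail -AutoSize
```

Exclusion changes are also recorded as Event ID 5007 (configuration change) in the Microsoft-Windows-Windows Defender/Operational log, so the same pattern can be alerted on centrally rather than only found by a periodic audit.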
Detailed technical analysis of the malware is present in Bitdefender’s report.
How To Avoid MosaicLoader Infection?
Bitdefender observed a worldwide execution of the malware campaigns, predominantly targeting personal computers. That’s because the individual users usually look for cracked software and apps to use at home.
Therefore, to prevent MosaicLoader infections, the researchers advise everyone to stop searching for pirated content.
In addition, keeping devices updated with the latest app and OS patches will also help fend off this attack.