This evil dropper infects you with a dozen malware strains at the same time
Cyber criminals have been observed using SEO poisoning to distribute a new malware loader that tries to infect the target endpoint with a dozen malware families.
Kaspersky researchers found that for many people, typing the keyword “software crack” into Google yields multiple websites distributing this new malware loader, some of which have even made it to the famous first page of search results. The loader in question is called “NullMixer”. It is designed for the Windows operating system and apparently installs all kinds of password stealers, viruses, backdoors, banking trojans, crypto miners, you name it. The only thing that is seemingly missing is ransomware.
Among the malware families installed in this way are Redline Stealer, Danabot, Raccoon Stealer, Vidar Stealer, SmokeLoader, PrivateLoader, ColdStealer, Fabookie, PseudoManuscrypt, and others.
Bait with cracks
The attackers chose “software crack” as their main keyword, researchers believe, because people looking for cracks usually ignore warnings from their antivirus programs and install the executables anyway.
According to Kaspersky, NullMixer has so far attempted to infect more than 47,000 endpoints protected by its security solutions. The victims were located all over the world, including the US, Germany, France, Italy, India, Russia, Brazil, Turkey and Egypt.
The researchers were also baffled by the number of malware families installed via NullMixer. It’s not exactly subtle. Devices that fall victim to this attack will slow down considerably, pop up windows for no reason and show numerous other symptoms of infection. Kaspersky suspects that NullMixer could actually be a demonstration, showing other malware operators what it is capable of, until someone decides to use it for their own distribution efforts.
As things stand, the best way to remove NullMixer from a compromised device is to reinstall Windows.
Via: BleepingComputer