New NullMixer malware campaign steals users' payment data and credentials

Cybercriminals continue to target users searching for cracked software by directing them to fraudulent websites that host weaponized installers, which deploy a malware dropper called NullMixer on compromised systems.

"When a user extracts and executes NullMixer, it drops a number of malware files on the compromised machine," cybersecurity firm Kaspersky said in a Monday report. "It drops a wide variety of malicious binaries to infect the machine, such as backdoors, bankers, downloaders, adware, and many others."

Apart from stealing users' credentials, addresses, credit card data, cryptocurrencies, and even Facebook and Amazon account session cookies, what makes NullMixer insidious is its ability to download dozens of Trojans at once, widening the scale of the infection.


The attack chain typically starts when a user tries to download cracked software from one of these sites, which leads to a password-protected archive containing an executable file. That executable, for its part, drops a second setup file designed to deliver an array of binaries and launch the malicious files.
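The behaviour described above, one extracted installer launching a whole batch of dropped binaries within seconds, is something a defender can look for in process-creation telemetry. The following is an added example, not code from Kaspersky or from the article; it runs a simple sliding-window rule over constructed process events (the paths, file names and timestamps are invented) and flags any parent process that spawned many distinct executables in a short window.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record: timestamp (seconds), parent and child image paths."""
    ts: float
    parent: str
    child: str


def find_mass_droppers(events, window_s=120, min_children=5):
    """Return {parent_image: [child images]} for every parent that launched at least
    min_children distinct executables inside some window_s-second window.
    This mirrors the dropper pattern in the article: a single setup binary that
    starts dozens of payloads at once, which a normal installer rarely does."""
    by_parent = defaultdict(list)
    for ev in events:
        by_parent[ev.parent].append(ev)
    hits = {}
    for parent, evs in by_parent.items():
        evs.sort(key=lambda e: e.ts)
        for i, first in enumerate(evs):
            # distinct children launched from evs[i] onward that fall inside the window
            kids = {e.child for e in evs[i:] if e.ts - first.ts <= window_s}
            if len(kids) >= min_children:
                hits[parent] = sorted(kids)
                break
    return hits


# Constructed sample telemetry; names and paths are invented, not real NullMixer artefacts.
TMP = "C:\\Users\\alice\\AppData\\Local\\Temp\\"
IDE = "C:\\Program Files\\ide\\"
SAMPLE_EVENTS = [
    ProcEvent(1000.0, TMP + "setup_installer.exe", TMP + "drop_a.exe"),
    ProcEvent(1001.0, TMP + "setup_installer.exe", TMP + "drop_b.exe"),
    ProcEvent(1002.5, TMP + "setup_installer.exe", TMP + "drop_c.exe"),
    ProcEvent(1004.0, TMP + "setup_installer.exe", TMP + "drop_d.exe"),
    ProcEvent(1009.0, TMP + "setup_installer.exe", TMP + "drop_e.exe"),
    ProcEvent(1010.0, TMP + "setup_installer.exe", TMP + "drop_f.exe"),
    # benign: an editor launching two helpers five minutes apart
    ProcEvent(1000.0, IDE + "ide.exe", IDE + "lsp.exe"),
    ProcEvent(1300.0, IDE + "ide.exe", IDE + "git.exe"),
]

if __name__ == "__main__":
    for parent, kids in find_mass_droppers(SAMPLE_EVENTS).items():
        print(f"{parent} launched {len(kids)} distinct executables: {kids}")
```

The thresholds are assumptions for the sample; in production they would be tuned against the installer baseline of the environment, and the parent path (a user-writable temp directory) would be a second signal worth combining with the child count.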


These malicious websites use search engine optimization (SEO) poisoning techniques such as keyword stuffing to make them appear higher in search engine results. The same approach has been adopted by the actors behind the Gootloader and SolarMarker campaigns.

NullMixer was last month linked to the distribution of a rogue Google Chrome extension called FB Stealer, which is capable of Facebook credential theft and search engine replacement.

Some of the other major malware families distributed by the dropper include DanaBot and information-stealing malware such as ColdStealer, PseudoManuscrypt, Raccoon Stealer, Redline Stealer, and Vidar.


Trojan downloaders such as FormatLoader, GCleaner, LegionLoader (aka Satacom), LgoogLoader, PrivateLoader, SgnitLoader, ShortLoader, and SmokeLoader are also deployed using NullMixer, as is C-Joker, which is known to steal cryptocurrency wallets.

Kaspersky said it has blocked attempts to infect more than 47,778 victims worldwide, with most users located in Brazil, India, Russia, Italy, Germany, France, Egypt, Turkey and the US. a known group.

The latest findings are yet another indication that malware and unwanted applications are increasingly being propagated via pirated software. It is also recommended to regularly check online accounts for unknown transactions.

"Any download of files from untrusted sources is a real game of roulette: you never know when it will fire, and what danger you will get this time," said Kaspersky researcher Haim Zigel. "Upon receiving NullMixer, users are exposed to several threats at once."
