Cybersecurity firm Bitdefender has discovered a new form of malware that gets installed through advertisements in search results. The company says the malware specifically targets Windows devices and is being used to steal passwords, install cryptocurrency miners, and deliver additional trojan malware.
The researchers dubbed the new form of malware MosaicLoader because of “the intricate internal structure that aims to confuse malware analysts and prevent reverse-engineering.”
Once delivered to a system via ads, the malware goes to work by downloading a variety of threats. Those threats include the malware Glupteba, which opens a backdoor on infected systems and could allow bad actors to steal sensitive information. Links to the malware, posing as cracked installers, show up at the top of search results.
"The best way to defend against MosaicLoader is to avoid downloading cracked software from any source," the researchers said in a whitepaper accompanying the report. "Besides being against the law, cybercriminals look to target and exploit users searching for illegal software."
“We recommend always checking the source domain of every download to make sure that the files are legitimate and to keep your antimalware and other security solutions up to date,” the researchers added.
The team noted that people working from home are more likely to be victims of the scheme because they are more likely to download cracked software. It’s believed that those behind the MosaicLoader operation are aiming to compromise as many Windows machines as possible, so it’s very important for consumers and businesses to take this threat seriously.
"From what we can tell, this new MosaicLoader attempts to infect as many devices as possible, likely to build up market share and then sell access to infected computers to other threat actors," Bogdan Botezatu, director of threat research and reporting at Bitdefender, told ZDNet.