Security researchers from Kaspersky have spotted a new series of campaigns focusing on the malware tool they named NullMixer.
According to an advisory published by the firm earlier today, NullMixer spreads malware via malicious websites that can be easily found via popular search engines, including Google.
“These websites are often related to crack, keygen and activators for downloading software illegally, and while they may pretend to be legitimate software, they actually contain a malware dropper,” reads the advisory.
The researchers further explained that when users attempt to download software from one of these sites, they are redirected several times and eventually land on a page containing download instructions alongside a password-protected archive containing malware that poses as the desired software tool.
When a user extracts and executes NullMixer, however, the malicious software drops several malware files onto the compromised machine.
“These malware families may include backdoors, bankers, credential stealers and so on,” Kaspersky wrote. “For example, the following families are among those dropped by NullMixer: SmokeLoader/Smoke, LgoogLoader, Disbuk, RedLine, Fabookie, ColdStealer.”
The security researchers said that, at the time of writing, they had blocked attempts in 2022 alone to infect more than 47,778 victims worldwide, located mainly in Brazil, India, Russia, Italy, Germany, France, Egypt, Turkey and the United States.
Kaspersky also clarified that they are currently...
Read Full Story: https://www.infosecurity-magazine.com/news/nullmixer-and-seo-to-spread-malware/