Cybercriminals continue to take advantage of users looking for cracked software by directing them to deceptive sites hosting weaponized installers that deploy malware called NullMixer on compromised systems.
“When a user extracts and carries out NullMixer, it drops a variety of malware files to the jeopardized maker,” cybersecurity company Kaspersky stated in a Monday report. “It drops a wide range of harmful binaries to contaminate the maker with, such as backdoors, lenders, downloaders, spyware, and lots of others.”
Besides siphoning users’ credentials, addresses, credit card data, cryptocurrencies, and even Facebook and Amazon account session cookies, what makes NullMixer dangerous is its ability to download many trojans at once, considerably expanding the scale of the infections.
Attack chains typically begin when a user tries to download cracked software from one of the sites, which leads to a password-protected archive containing an executable file that, in turn, drops and launches a second setup binary designed to deliver a variety of malicious files.

These malicious sites use search engine optimization (SEO) poisoning techniques such as keyword stuffing to rank highly in search engine results. Similar techniques have been adopted by the actors behind the GootLoader and SolarMarker campaigns.