MosaicLoader Malware Disguises as 'Cracked Installer'--What Experts Discovered From Threat Actors

The new MosaicLoader malware has been spotted by the cybersecurity experts on the systems of software pirates.

The virus is dependent on the malicious ads disguised as "cracked installer" in the systems. In short, when a user downloads this "malware downloader'' through search engine results, their information might be at risk of being stolen.

How Do Cyber Security Analysts Arrive With the 'MosaicLoader' Moniker?

MosaicLoader Malware Disguises as 'Cracked Installer'--What Do the Experts Find Out From Threat Actors?
Experts spotted the new MosaicLoader malware infecting systems with the cracked installers from software pirates. Sora Shimazaki from Pexels

In a report by Bitdefender via Bleeping Computer on Tuesday, July 20, the hackers behind the MosaicLoader malware have been focused on infecting the systems from pirated software.

With that, users who are unaware of their installed files might be subjected to malware infection.

From Bitdefender Senior Security Researcher, Janos Gergo Szeles, the name "MosaicLoader" has been coined from its nature of being a cracked installer. This is also used to confuse experts who have been devising plans to stop it via reverse engineering and other solutions.

What the Experts Discovered About MosaicLoader's Threat Actors

The cybersecurity analysts launched an investigation into this malware attack.

Later, they found out that the group behind this malware attack aimed to slow down the security experts on their objective to stop the virus. In return, the threat actors are exploiting the systems, so they could infect more available systems.

According to malware analysts, the MosaicLoader can emulate the exact details of legitimate software.

Moreover, it also conducts shuffles on the execution order, as well as code obfuscation with sufficient information. In addition, this malware strain hits the search engine results, hence the so-called SEO poisoning through online advertisements.

Through the installation of a cracked installer, users are being fooled that what they downloaded is safe from the virus. The researchers warned that this malware does not choose a particular region to target. Instead, it only relies on the online ads that generate bogus installers.

Information From MosaicLoader Victims Might Have Been Stolen

Since this malware tricks the users into treating it as a legit installer, people are easily deceived since it shares the same icon with legitimate software.

Furthermore, this malware also passes through the system, so it won't be detected by a windows defender.

For those who mine cryptocurrency, the malware can be compared to the "Panda Stealer" malware, which obtains users' bitcoin from suspicious email links and group invites via Discord.

MosaicLoader is not only limited to its cryptocurrency investors as its target. It also utilizes Remote Access Trojans (RATs) so threat actors could evade the security check conveniently.

The report said that MosaicLoader hackers have access to the victims' online accounts. They are reportedly blackmailing the persons over their data.

According to the Bitdefender team, MosaicLoader lives in the URLs through the malware sprayer.

"The best way to defend against MosaicLoader is to avoid downloading cracked software from any source. Besides being against the law, cybercriminals look to target and exploit users searching for illegal software," the researchers commented via The Hacker News.

In June, the Monero "Crackonosh" malware was found to thrive in more than 200,000 computers with pirated games. The notorious group had gathered XMR worth $2 million from the victims.

This article is owned by Tech Times

Written by Joseph Henry
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics