A newly discovered form of malware has been detailed and shows an interesting system of delivery. Named MosaicLoader, the malware is delivered through adverts in search results. The malware can steal passwords, install cryptocurrency miners and deliver other trojan malware.
MosaicLoader was detailed by Bitdefender, the cybersecurity company and has infected victims around the world, as those behind it attempt to compromise as many computers as they can.
MosaicLoader can be used to download all kinds of threats onto compromised machines that include Glupteba, a malware used to create a backdoor on an infected system.
A novel way of doing things
Unlike other kinds of malware that hit their targets through unpatched flaws in code or phishing attacks, MosaicLodader is delivered to victims through advertising. Links to the malware show up at the top of search results when people search for cracked versions of software.
Automated systems that buy and serve ad space likely mean that no one in the chain, aside from the attackers, know the adverts contain malware.
The security company said that employees working remotely are more likely to get cracked software since they do not have IT to protect them from sites they should not be visiting.
A sneaky attack strategy
Bogdan Botezatu, the director of threat research and reporting at Bitdefender, said that most attackers are buying adverts with downstream ad networks, which funnel ad traffic to larger providers.
It seems that they do this over the weekend when manual ad vetting is affected by the limited staff on call.
The malware may be detected by an antivirus. However, users who get cracked software know that there is usually an instruction to turn off protections to access and install the download. This leaves their devices vulnerable.