MosaicLoader Malware how is it stealing passwords of Windows users

Tech News

Viruses and malware targeting Windows are constantly evolving. That makes data security paramount, but the question of how to achieve it still haunts us.

The best way to keep data secure, as we all know, is to use a good antivirus and identity protection tool. But is there anything else we can do? Yes: alongside using an antivirus tool like Systweak Antivirus and an identity protection tool like Advanced Identity Protector, you should also keep yourself updated on the types of malware in circulation and the measures to take to stay protected.

That is why we have put this post together. Today’s article is about MosaicLoader, the latest threat to Windows users, which is being used to steal passwords, install cryptocurrency miners, and deliver trojans.

Though this is not the first time Windows users have been targeted, the way this malware works is different.

Before getting into details, here’s a quick roundup of 6 notable Windows 10 zero-day vulnerabilities.

6 Notable Windows 10 Zero-Day Vulnerabilities

  • CVE-2021-31199, an elevation-of-privilege vulnerability in the Microsoft Enhanced Cryptographic Provider
  • CVE-2021-31201, a second elevation-of-privilege vulnerability in the Microsoft Enhanced Cryptographic Provider
  • CVE-2021-31955, an information disclosure bug in the Windows Kernel
  • CVE-2021-31956, an elevation-of-privilege vulnerability in Windows NTFS
  • CVE-2021-33739, an elevation-of-privilege vulnerability in the Microsoft Desktop Window Manager
  • CVE-2021-33742, a remote code execution bug in a Windows HTML component
  • CVE-2021-31968, a denial-of-service vulnerability in Windows Remote Desktop Services

These vulnerabilities in Microsoft’s software are dangerous, yet the company does not reveal detailed information about them. That makes things even more serious, and understanding the latest threat all the more important.

What is MosaicLoader?

Acting as a full-service malware-delivery platform, MosaicLoader is a type of malware that creates a backdoor into infected systems. It is also used to infect victims with remote-access trojans (RATs), Facebook cookie stealers, and other threats.

Though a new strain, MosaicLoader is spreading quickly, and the plan behind the attack appears to be selling access to compromised Windows machines.

This trojan steals sensitive information such as usernames, passwords, and financial information. To do this undisturbed, the downloader adds local exclusions to Windows Defender for specific file names stored in a folder named \PublicGaming\.

In addition, MosaicLoader can download a variety of threats onto compromised machines, including Glupteba, a type of malware that creates a backdoor into infected systems to steal confidential information.
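Because the loader relies on adding Windows Defender exclusions, a quick way to check a machine is to list the current exclusions and the recent changes to them. The following PowerShell script is an added example written for this article, not something from the article or from the malware researchers. It uses the built-in Get-MpPreference and Get-WinEvent cmdlets; the \PublicGaming\ folder name is taken from the text above, while the other "suspicious" path roots are my own assumption about where user-writable droppers usually live. Run it from an elevated PowerShell prompt.

```powershell
# Added example: audit Microsoft Defender exclusions and recent exclusion changes.
# Requires an elevated PowerShell on a host with Defender enabled.
# 'PublicGaming' comes from the article; the other roots are an assumption
# about user-writable locations that rarely need a legitimate exclusion.

$suspiciousRoots = @(
    'PublicGaming',        # folder name reported for this campaign
    '\Users\',             # any per-user location (Downloads, AppData, ...)
    '\ProgramData\',
    '\Temp\',
    '\Windows\Tasks\'
)

function Test-SuspiciousExclusion {
    param([string]$Path)
    foreach ($root in $suspiciousRoots) {
        if ($Path -like "*$root*") { return $true }
    }
    return $false
}

$pref = Get-MpPreference

Write-Host "== Path exclusions =="
foreach ($p in @($pref.ExclusionPath)) {
    if (-not $p) { continue }
    $flag = if (Test-SuspiciousExclusion $p) { 'REVIEW' } else { 'ok' }
    Write-Host ("{0,-7} {1}" -f $flag, $p)
}

Write-Host "`n== Process exclusions =="
foreach ($p in @($pref.ExclusionProcess)) {
    if (-not $p) { continue }
    $flag = if (Test-SuspiciousExclusion $p) { 'REVIEW' } else { 'ok' }
    Write-Host ("{0,-7} {1}" -f $flag, $p)
}

# Extension exclusions disable scanning for every file of that type, so each
# one deserves a look regardless of where it points.
Write-Host "`n== Extension exclusions =="
@($pref.ExclusionExtension) | Where-Object { $_ } | ForEach-Object { Write-Host "REVIEW  .$_" }

# Event ID 5007 in the Defender operational log records every configuration
# change, including exclusions being added. Look back seven days.
Write-Host "`n== Exclusion changes in the last 7 days (Event 5007) =="
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5007
    StartTime = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions' } |
    ForEach-Object {
        # The message carries "New value:" lines naming the exclusion key and path.
        $newValue = ($_.Message -split "`r?`n" | Where-Object { $_ -match 'New value' }) -join ' '
        Write-Host ("{0:u}  {1}" -f $_.TimeCreated, $newValue.Trim())
    }
```

Anything flagged REVIEW is not automatically malicious (administrators do add exclusions for legitimate software), but an exclusion that appeared recently, points into a user-writable folder, and was not added by IT is exactly the pattern described above and is worth investigating before it is removed.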

To ensure users download it, attackers make the download look as legitimate as possible: the fake cracked software imitates the file information, names, and descriptions found in the real software’s folder.

How is MosaicLoader being spread?

Unlike malware that arrives through phishing or software vulnerabilities, MosaicLoader is delivered via paid advertising in search results. It targets people looking for pirated software and games and impersonates a cracked software installer, when in reality it is a malware downloader that delivers the payload to the infected system.

To dupe users, attackers camouflage their droppers as real executables and use similar icons, company names, descriptions, and so on. Once deployed, MosaicLoader downloads additional malware ranging from cryptocurrency miners and cookie stealers to Remote Access Trojans (RATs) and backdoors using “a complex chain of processes.”

Moreover, MosaicLoader gives the threat actors the ability to collect sensitive information that can be used to hijack victims’ online accounts.

Who is at risk?

Telecommuting employees and people working from home are at increased risk of downloading cracked software.

Can it be detected by antivirus software?

Certainly, but users who download cracked versions usually disable real-time protection and the firewall, giving the malware safe passage. Therefore, we recommend never disabling protection; it is there for your own safety.

Practices followed by hackers to spread malware

  • Imitates the file information of the real software
  • Shuffles the execution order and obfuscates the code in small chunks
  • Uses the payload to infect the system with several malware strains at once

In addition, researchers said the threat is dangerous because the attack does not focus on any specific region: it will attempt to infect any search-engine user looking to download and install cracked software installers on their devices.

How to stay protected

  1. The best way to stay protected against MosaicLoader is to avoid downloading cracked software from any source.
  2. Check the domain every download comes from; this helps ensure you are downloading the legitimate files.
  3. Always use an antivirus with real-time protection, an updated database, a scheduler, malware protection, USB protection, and other security features. For this, you can try Systweak Antivirus.
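The article notes that the droppers copy the icons, company names and descriptions of real software. Those fields are plain text in the file’s version resource and anyone can set them; a code-signing signature is the part an impostor cannot copy. The script below is an added example (not from the article or any vendor) that compares what a downloaded installer claims about itself with what its Authenticode signature actually proves. It uses the built-in Get-Item and Get-AuthenticodeSignature cmdlets; the sample path is a placeholder for the file you downloaded.

```powershell
# Added example: compare an installer's claimed publisher (VersionInfo) against
# its verifiable publisher (Authenticode signature) before running it.
# Get-Item and Get-AuthenticodeSignature are built-in cmdlets; the path in the
# usage line is a placeholder.

function Get-InstallerTrustReport {
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path
    $vi   = $item.VersionInfo                      # free-text metadata, trivially forged
    $sig  = Get-AuthenticodeSignature -FilePath $Path

    $report = [ordered]@{
        File            = $item.Name
        ClaimedCompany  = $vi.CompanyName
        ClaimedProduct  = $vi.ProductName
        ClaimedDesc     = $vi.FileDescription
        SignatureStatus = $sig.Status              # Valid, NotSigned, HashMismatch, ...
        Signer          = $null
        Verdict         = $null
    }

    if ($sig.SignerCertificate) {
        $report.Signer = $sig.SignerCertificate.Subject
    }

    if ($sig.Status -ne 'Valid') {
        # Unsigned or tampered: the metadata is just text anyone can type in.
        $report.Verdict = "UNTRUSTED: signature status is $($sig.Status); VersionInfo proves nothing"
    }
    elseif ($report.ClaimedCompany -and
            $report.Signer -notmatch [regex]::Escape($report.ClaimedCompany)) {
        # Signed, but by someone other than the company the file claims to come from.
        $report.Verdict = "REVIEW: claimed company does not appear in the signer subject"
    }
    else {
        $report.Verdict = "OK: valid signature consistent with the claimed publisher"
    }

    [pscustomobject]$report
}

# Usage (placeholder path; replace with your own download):
Get-InstallerTrustReport -Path "$env:USERPROFILE\Downloads\setup.exe" | Format-List
```

A cracked installer that shows the vendor’s company name and description but comes back NotSigned, or signed by an unrelated certificate, is showing exactly the impersonation described in this article, and the right response is to delete it rather than to add an exclusion for it.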

What the Experts Discovered About MosaicLoader’s Threat Actors

  1. The attacks are designed to slow down the security researchers working to stop the malware.
  2. Attackers are exploiting systems so that they can infect a large number of machines running pirated Windows software.
  3. MosaicLoader is capable of impersonating the exact details of legitimate software. Moreover, it appears in search engine results, meaning it relies on SEO poisoning.

    “Most likely, attackers are purchasing adverts with downstream ad networks – small ad networks that funnel ad traffic to larger and larger providers. They usually do this over the weekend when manual ad vetting is impacted by the limited staff on call,” Bogdan Botezatu, director of threat research and reporting at Bitdefender, told ZDNet.

  4. MosaicLoader is likely to target those who attempt to download cracked software.

“We advise users to never turn off their security solution when it blocks the installation of software downloaded from the internet, as attackers have become adept at bundling legitimate apps with malware,” said Botezatu.

How to Stay Protected Against MosaicLoader

Since the campaign has no target country or organization, everyone using pirated or cracked software is at risk, and this is a serious threat. The best way to defend against MosaicLoader is to avoid downloading cracked software from any source.

Wrap up –

As work from home becomes the new normal, the line between personal and business devices is blurring. Therefore, we need to pay more attention to our actions than before. Businesses should devise a clear BYOD policy, provide awareness training, and create strong endpoint rules.

In addition, the following things should be made clear:

  1. What essential or critical access means
  2. Which software users and employees are allowed to use, and a check that they stick to it

Together, these give a balanced approach to protecting devices and data.

We hope this clears up any doubts and that you now understand how to stay secure from MosaicLoader and similar threats. What do you think about the post? Leave us your feedback in the comments section.
