MosaicLoader Malware Delivers Facebook Stealers, RATs - silversurfer - 21 July 21
Quote:A never-before-documented Windows malware strain dubbed MosaicLoader is spreading worldwide, acting as a full-service malware-delivery platform that’s being used to infect victims with remote-access trojans (RATs), Facebook cookie stealers and other threats.
That’s according to Bitdefender researchers, who found that the loader is spreading indiscriminately worldwide through paid ads in search results, targeting people looking for pirated software and games. It masquerades as a cracked software installer, but in reality, it’s a downloader that can deliver any payload to an infected system.
“The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service,” researchers at Bitdefender explained, in an analysis released on Tuesday. “It downloads a malware sprayer that obtains a list of URLs from the command-and-control (C2) server and downloads the payloads from the received links.”
Researchers observed the malware sprayer delivering Facebook cookie stealers, which exfiltrate login data – this allows cyberattackers to take over accounts, create posts that spread malware or those that cause reputational damage.
MosaicLoader is also spreading the Glupteba backdoor and a variety of RATs for espionage purposes, they said, which can log keystrokes, record audio from the microphone and images from the webcam, capture screenshots and so on. Other observed threats so far include cryptocurrency miners, they said.
Read more: MosaicLoader Malware Delivers Facebook Stealers, RATs | Threatpost
|