This New Malware Hides Itself Among Windows Defender Exclusions to Avoid Detection

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

On Tuesday, security experts confirmed the existence of a previously undocumented malware strain named “MosaicLoader,” which targets people looking for cracked software as part of a global campaign. 
Bitdefender researchers stated in a report shared with The Hacker News, “The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service.” 
“The malware arrives on target systems by posing as cracked installers. It downloads a malware sprayer that obtains a list of URLs from the C2 server and downloads the payloads from the received links.” 
The malware’s name comes from its complex internal structure, which is designed to avoid reverse engineering and escape investigation. MosaicLoader attacks employ a well-known malware delivery technique known as search engine optimization (SEO) poisoning, in which hackers buy ad slots in search engine results to elevate their harmful URLs to the top of the results when users search for keywords linked to pirated software. 
Following a successful infection, the Delphi-based dropper, which masquerades as a software installer, serves as an entry point for retrieving next-stage payloads from a remote server. It also adds local exclusions in Windows Defender for the two downloaded executables in an effort to circumvent antivirus scanning.
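Because the dropper relies on Defender exclusions for individual executables, reviewing the exclusions configured on a host is a practical check. The script below is an added example, not code from the Bitdefender report or the original article; the "user-writable location" pattern and the signature check are triage heuristics assumed here, not indicators published for MosaicLoader.

```powershell
#Requires -RunAsAdministrator
# Added example: review Microsoft Defender path and process exclusions.
# The heuristics below are assumptions for triage, not indicators from the report.

$userWritable = '\\(AppData|Temp|Downloads|ProgramData|Users\\Public)(\\|$)'
$binaryExt    = '\.(exe|dll|scr|com)$'

$pref = Get-MpPreference

$report = foreach ($kind in 'ExclusionPath', 'ExclusionProcess') {
    foreach ($raw in @($pref.$kind)) {
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }

        # Exclusions may contain environment variables such as %ProgramFiles%.
        $entry   = [Environment]::ExpandEnvironmentVariables($raw)
        $reasons = @()
        if ($entry -match $binaryExt)    { $reasons += 'single binary excluded' }
        if ($entry -match $userWritable) { $reasons += 'user-writable location' }

        # If the excluded item is a file that still exists, record its hash
        # and, for binaries, whether it carries a valid Authenticode signature.
        $sha256 = $null
        $signature = $null
        if (Test-Path -LiteralPath $entry -PathType Leaf) {
            $sha256 = (Get-FileHash -LiteralPath $entry -Algorithm SHA256).Hash
            if ($entry -match $binaryExt) {
                $signature = (Get-AuthenticodeSignature -LiteralPath $entry).Status
                if ($signature -ne 'Valid') { $reasons += "signature: $signature" }
            }
        }

        [pscustomobject]@{
            Type      = $kind
            Entry     = $raw
            Review    = ($reasons.Count -gt 0)
            Reasons   = $reasons -join '; '
            Signature = $signature
            SHA256    = $sha256
        }
    }
}

# Entries flagged for review are listed first.
$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Any entry nobody on the team can account for should be removed with `Remove-MpPreference` and the excluded file submitted for analysis.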
It’s important to note that such Windows Defender exclusions can be found in the re

[…]