Skip to main content

Password-stealing Windows malware spreads via ads in search results

Trojan
(Image credit: wk1003mike / Shutterstock)

Cybersecurity researchers have detected a new strain of malware that can download a variety of threats, but is interestingly delivered through paid online adverts in search results.

Named MosaicLoader by the Bitdefender researchers who first ran into it, the malware is designed to infect devices of users looking for cracked software. 

“Systems infected with this malware become part of the network of machines that attackers can further infect with any piece of malware they want. During our analysis, we observed that the payloads delivered by the second stage are malware sprayers that download and run many other malicious files,” the researchers note in their analysis.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

>> Click here to start the survey in a new window <<

Once installed, the malware creates a complex chain of processes in its attempts to download additional threats, which could range from simple cookie stealers, and cryptocurrency miners to fully-fledged backdoors such as Glupteba.

Capitalizing on software piracy

Bitdefender shares that adverts bearing links to the malware appear at the top of search results for users searching for cracked versions of popular proprietary software.

"Most likely, attackers are purchasing adverts with downstream ad networks – small ad networks that funnel ad traffic to larger and larger providers. They usually do this over the weekend when manual ad vetting is impacted by the limited staff on call," Bogdan Botezatu, director of threat research and reporting at Bitdefender briefed ZDNet

Bitdefender says that the campaign has no specific target countries or organizations, and indiscriminately delivers its payloads to users looking for cracked software.

Believed to be the handiwork of a new cyberthreat group, Bitdefender thinks the malware’s current form of distribution will itself keep it away from users who don’t go out looking for cracked software on the Internet.

Via ZDNet

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.