NullMixer is a dropper leading to an infection chain of a wide variety of malware families. NullMixer spreads via malicious websites that can be found mainly via search engines. These websites are often related to cracks, keygens and activators for downloading software illegally, and while they may pretend to offer legitimate software, they actually contain a malware dropper. It looks like these websites are using SEO to stay at the top of search engine results, making them easy to find when searching the internet for “cracks” and “keygens”.

When users attempt to download software from one of these sites, they are redirected multiple times and end up on a page containing the download instructions and archived, password-protected malware masquerading as the desired piece of software. When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine. These malware families may include backdoors, bankers, credential stealers and so on. For example, the following families are among those dropped by NullMixer: SmokeLoader/Smoke, LgoogLoader, Disbuk, RedLine, Fabookie, ColdStealer.

The infection vector of NullMixer is based on a ‘User Execution’ (MITRE Technique: T1204) malicious link that requires the end user to click on and download a password-protected ZIP/RAR archive containing a malicious file that is extracted and executed manually. The campaign appears to target anyone looking to download cracked software, and uses SEO techniques to make these malicious sites more prominent at the top of search engine results.

[Figure: Top Google search engine results for “crack software” contain malicious websites delivering NullMixer]

The whole infection chain of NullMixer is as follows: The user visits a website to download cracked software, keygens or activators.