A new malware dropper named 'NullMixer' is infecting Windows devices with a dozen different malware families simultaneously through fake software cracks promoted on malicious sites in Google Search results.
NullMixer acts as an infection funnel, using a single Windows executable to launch a dozen different malware families, resulting in over two dozen infections running on a single system.
These infections include password-stealing trojans, backdoors, adware, bankers, fake Windows system cleaners, clipboard hijackers, cryptocurrency miners, and even additional malware loaders.
To distribute the malware, the distributors use 'black hat SEO' to push websites promoting the fake game cracks and pirated software activators into high search result positions on Google.
BleepingComputer tested a Google search for 'software crack,' and many of the sites said to be distributing this malware, as shown below, were listed in our search results in the second, third, and fourth result positions.
Unsuspecting users who attempt to download software from these sites are redirected to other malicious sites that drop a password-protected ZIP archive containing a copy of the NullMixer dropper.
Because software cracks and cheats commonly need to modify game files, users downloading them disregard AV warnings about unsigned and potentially dangerous executables, bypassing security controls and executing them manually.
Kaspersky, whose analysts discovered the new dropper, reports that NullMixer has already attempted infections on 47,778 of its customers across the United States, Germany, France, Italy, India, Russia, Brazil, Turkey, and Egypt.
Launching dozens of malware
NullMixer is typically downloaded as a file named similarly to 'win-setup-i864.exe,' which, when launched, creates a new file called 'setup_installer.exe.'
This new file is responsible for dropping dozens of malware families and, having done so, launches another executable, 'setup_install.exe.'
That third file launches all the malware dropped on the compromised machine using a hardcoded list of their names and the Windows 'cmd.exe' tool.
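As an added defensive example (not code from the article or from Kaspersky's report), the following Python flags the launch chain described above in process-creation telemetry: win-setup-i864.exe spawning setup_installer.exe, which spawns setup_install.exe, which then fans out into many cmd.exe launches. The event records and the field names (pid, ppid, image, cmdline) are constructed assumptions, not a particular EDR schema.

```python
from collections import defaultdict
# The three-stage launch chain described in the article, parent first.
CHAIN = ["win-setup-i864.exe", "setup_installer.exe", "setup_install.exe"]
# Assumption: this many cmd.exe children from one setup_install.exe is worth alerting on.
CMD_FANOUT_THRESHOLD = 5

def image_name(path):
    """Lower-cased basename of a Windows image path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def find_nullmixer_chains(events):
    """Return one finding per setup_install.exe that has the documented
    ancestry and fans out into many cmd.exe launches."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)
    findings = []
    for e in events:
        if image_name(e["image"]) != CHAIN[-1]:
            continue
        # Walk up the ancestors and compare them with the documented chain.
        lineage, cur = [CHAIN[-1]], e
        for _ in range(len(CHAIN) - 1):
            cur = by_pid.get(cur["ppid"])
            if cur is None:
                break
            lineage.insert(0, image_name(cur["image"]))
        if lineage != CHAIN:
            continue
        cmds = [c for c in children[e["pid"]] if image_name(c["image"]) == "cmd.exe"]
        if len(cmds) >= CMD_FANOUT_THRESHOLD:
            # Last token of each "cmd /c <name>" is the payload the loader started.
            payloads = sorted(c["cmdline"].split()[-1] for c in cmds)
            findings.append({"pid": e["pid"], "cmd_count": len(cmds), "payloads": payloads})
    return findings

# Constructed process-creation records for this example (not real telemetry or IoCs).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Users\victim\Downloads\win-setup-i864.exe", "cmdline": "win-setup-i864.exe"},
    {"pid": 101, "ppid": 100, "image": r"C:\Users\victim\AppData\Local\Temp\setup_installer.exe", "cmdline": "setup_installer.exe"},
    {"pid": 102, "ppid": 101, "image": r"C:\Users\victim\AppData\Local\Temp\setup_install.exe", "cmdline": "setup_install.exe"},
    # A lone setup_install.exe without the chain and with a single cmd.exe: not flagged.
    {"pid": 300, "ppid": 1, "image": r"C:\Users\victim\Downloads\setup_install.exe", "cmdline": "setup_install.exe"},
    {"pid": 301, "ppid": 300, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd /c echo done"},
] + [  # twelve cmd.exe launches from pid 102, one per constructed payload name
    {"pid": 200 + i, "ppid": 102, "image": r"C:\Windows\System32\cmd.exe", "cmdline": f"cmd /c drop_{i:02d}.exe"}
    for i in range(12)
]
```

Running `find_nullmixer_chains(SAMPLE_EVENTS)` returns a single finding for pid 102 with twelve cmd.exe launches; the lone setup_install.exe at pid 300 is ignored because its ancestry does not match the chain.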
Some malware families dropped by NullMixer include Redline Stealer, Danabot, Raccoon Stealer, Vidar Stealer, SmokeLoader, PrivateLoader, ColdStealer, Fabookie, PseudoManuscrypt, and more.
The reason why NullMixer operators chose to install and launch all these malware families simultaneously on randomly compromised computers is unclear.
The operators may prefer to cause destruction for fame, promote their tool as a highly effective dropper to malware gangs, or achieve absurd levels of redundancy.
Whatever the case, it would be almost impossible for all these malware families to run on a breached computer without generating considerable symptoms of compromise that alert the victim to the infection.
These symptoms could include heavy hard disk activity, increased CPU and memory usage, unusual windows opening for no reason, or simply a noticeable performance issue on the infected system.
Thus, NullMixer is less of a stealthy threat and more of a catastrophic encounter that will likely only be resolved through a reinstall of Windows.
Users should always consider the risks of downloading executables from obscure online sources and avoid resorting to software piracy.