New NullMixer dropper infects your PC with a dozen malware families

A new malware dropper named 'NullMixer' is infecting Windows devices with a dozen different malware families simultaneously through fake software cracks promoted on malicious sites in Google Search results.

NullMixer acts as an infection funnel, using a single Windows executable to launch a dozen different malware families, resulting in over two dozen infections running on a single system.

These infections include password-stealing trojans, backdoors, spyware, bankers, fake Windows system cleaners, clipboard hijackers, cryptocurrency miners, and even further malware loaders.

To distribute the malware, its operators use 'black hat SEO' to push websites promoting the fake game cracks and pirated software activators into high positions in Google search results.

BleepingComputer tested a Google search for 'software crack,' and many of the sites said to be distributing this malware, as shown below, appeared in our results in the second, third, and fourth positions.

Malicious sites baiting users looking for pirated software (Kaspersky)

Unsuspecting users who attempt to download software from these sites are redirected to other malicious sites that drop a password-protected ZIP archive containing a copy of the NullMixer dropper.

The ZIP archive users download themselves (Kaspersky)

Because software cracks and cheats commonly need to modify game files, users downloading them disregard AV warnings about unsigned and potentially dangerous executables, bypassing security controls and executing them manually.

Kaspersky, whose analysts discovered the new dropper, reports that NullMixer has already attempted infections on 47,778 of its customers across the United States, Germany, France, Italy, India, Russia, Brazil, Turkey, and Egypt.

Launching dozens of malware strains

NullMixer is typically downloaded as a file with a name similar to 'win-setup-i864.exe,' which, when launched, creates a new file called 'setup_installer.exe.'

This new file is responsible for dropping dozens of malware families and, having done so, launches another executable, 'setup_install.exe.'

That third file launches all of the malware dropped on the compromised machine using a hardcoded list of their file names and Windows' 'cmd.exe' tool.

NullMixer execution chain (Kaspersky)
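The three-stage chain described above is a good process-telemetry hunt: a cmd.exe whose ancestry is setup_installer.exe, then setup_install.exe, and which then spawns an unusual number of distinct executables. The following is an added example written for this article, not code from Kaspersky or BleepingComputer. It assumes process-creation events have been normalised to one JSON object per line with pid, ppid, image and command_line fields (a simplified, Sysmon-like shape; the field names, the sample events, the 'payload_NN.exe' child names and the fan-out threshold of five are all assumptions, and the telemetry is constructed, not a real capture).

```python
"""Hunt for the NullMixer-style execution chain in process-creation telemetry.

Two independent signals are checked for every cmd.exe seen:
  1. named chain: setup_installer.exe -> setup_install.exe -> cmd.exe appears
     in its ancestry (the file names reported in the article);
  2. high fan-out: cmd.exe starts at least MIN_CHILDREN distinct executables,
     which catches renamed stages and is the generic form of the behaviour.
Either signal alone produces a finding, so a renamed dropper is still caught.
"""
import json
import ntpath
from collections import defaultdict

# File names from the article, oldest ancestor first, ending at the cmd.exe.
SUSPECT_CHAIN = ("setup_installer.exe", "setup_install.exe", "cmd.exe")

# Constructed sample telemetry (not a real capture). Field names are assumed.
# pid 104 is a cmd.exe under the named chain that launches seven executables;
# pid 200 is an ordinary interactive cmd.exe that only runs two tools.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"pid": 100, "ppid": 10,  "image": r"C:\Windows\explorer.exe", "command_line": "explorer.exe"},
    {"pid": 101, "ppid": 100, "image": r"C:\Users\u\Downloads\win-setup-i864.exe", "command_line": "win-setup-i864.exe"},
    {"pid": 102, "ppid": 101, "image": r"C:\Users\u\AppData\Local\Temp\setup_installer.exe", "command_line": "setup_installer.exe"},
    {"pid": 103, "ppid": 102, "image": r"C:\Users\u\AppData\Local\Temp\setup_install.exe", "command_line": "setup_install.exe"},
    {"pid": 104, "ppid": 103, "image": r"C:\Windows\System32\cmd.exe", "command_line": "cmd /c payload_01.exe"},
] + [
    {"pid": 110 + i, "ppid": 104, "image": rf"C:\Users\u\AppData\Local\Temp\payload_{i:02d}.exe",
     "command_line": f"payload_{i:02d}.exe"} for i in range(1, 8)
] + [
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe", "command_line": "cmd.exe"},
    {"pid": 201, "ppid": 200, "image": r"C:\Windows\System32\ipconfig.exe", "command_line": "ipconfig /all"},
    {"pid": 202, "ppid": 200, "image": r"C:\Windows\System32\whoami.exe", "command_line": "whoami"},
])


def basename(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()


def parse_events(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def build_tree(events):
    """Index events by pid and by parent pid."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)
    return by_pid, children


def ancestry(pid, by_pid):
    """Image basenames from the oldest known ancestor down to pid.

    Stops at an unknown parent or a pid cycle (pid reuse in real telemetry).
    """
    names, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        names.append(basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return names[::-1]


def named_chain_present(names):
    """True if SUSPECT_CHAIN occurs as a contiguous run inside names."""
    n = len(SUSPECT_CHAIN)
    return any(tuple(names[i:i + n]) == SUSPECT_CHAIN for i in range(len(names) - n + 1))


def hunt(events, min_children=5):
    """Return one finding per cmd.exe that matches either signal."""
    by_pid, children = build_tree(events)
    findings = []
    for e in events:
        if basename(e["image"]) != "cmd.exe":
            continue
        distinct = {basename(c["image"]) for c in children[e["pid"]]}
        names = ancestry(e["pid"], by_pid)
        high_fan_out = len(distinct) >= min_children
        named_chain = named_chain_present(names)
        if high_fan_out or named_chain:
            findings.append({
                "cmd_pid": e["pid"],
                "ancestry": names,
                "distinct_children": len(distinct),
                "high_fan_out": high_fan_out,
                "named_chain": named_chain,
            })
    return findings


if __name__ == "__main__":
    for f in hunt(parse_events(SAMPLE_EVENTS)):
        print(f"cmd.exe pid {f['cmd_pid']}: {' -> '.join(f['ancestry'])}; "
              f"{f['distinct_children']} distinct children; "
              f"fan-out={f['high_fan_out']} named-chain={f['named_chain']}")
```

On a real host the input would be Sysmon process-creation records (or EDR equivalents) exported to this shape; the fan-out threshold needs tuning against the environment's normal cmd.exe behaviour, and the named-chain check should be read as a low-cost indicator that breaks as soon as the operators rename a stage, which is why the two signals are evaluated independently.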

Some of the malware families dropped by NullMixer include Redline Stealer, Danabot, Raccoon Stealer, Vidar Stealer, SmokeLoader, PrivateLoader, ColdStealer, Fabookie, PseudoManuscrypt, and more.

Some of the malware strains dropped by NullMixer (Kaspersky)

Why the NullMixer operators chose to install and launch all of these malware families simultaneously on randomly compromised computers is unclear.

The operators may be seeking notoriety by causing destruction, promoting their tool to malware gangs as a highly effective dropper, or simply aiming for absurd levels of redundancy.

Whatever the case, it would be almost impossible for all of these malware families to run on a breached computer without generating noticeable symptoms of compromise that alert the victim to the infection.

These symptoms could include heavy hard disk activity, increased CPU and memory usage, unusual windows opening for no reason, or simply a noticeable performance drop on the infected system.

Thus, NullMixer is less of a stealthy threat and more of a catastrophic encounter that will likely only be resolved through a clean reinstall of Windows.

Users should always consider the risks of downloading executables from obscure online sources and avoid resorting to software piracy.
