This evil dropper infects you with a dozen malware strains at the same time

NullMixer is not among the most subtle of droppers


Cybercriminals have been observed using SEO poisoning to distribute a new malware loader which tries to infect the target endpoint with a dozen malware families.

Researchers from Kaspersky discovered that for many people, typing the keyword “software crack” into Google brings up multiple websites distributing this new malware loader, some of which have even made it to the famed first page of the search results. The loader in question is called “NullMixer” and is designed for the Windows operating system. Apparently, it installs all kinds of password stealers, viruses, backdoors, banking trojans, crypto miners, you name it. The only thing seemingly missing is ransomware.

Among the malware families installed this way are Redline Stealer, Danabot, Raccoon Stealer, Vidar Stealer, SmokeLoader, PrivateLoader, ColdStealer, Fabookie, PseudoManuscrypt, and others.

Baiting with cracks

The attackers chose “software crack” as their main keyword, researchers believe, due to the fact that people looking for cracks will usually ignore warnings coming from their antivirus programs and install the executable files anyway.

According to Kaspersky, NullMixer has so far tried to infect more than 47,000 endpoints protected by its security solutions. The victims were located all over the world, including the U.S., Germany, France, Italy, India, Russia, Brazil, Turkey, and Egypt.


The researchers were also baffled by the number of malware families being installed via NullMixer. It’s not exactly subtle. Devices that fall victim to this attack will become significantly slower, have windows popping up for no reason, and will showcase numerous other symptoms of infection. Kaspersky suspects that NullMixer could actually be a demonstration, showing other malware operators what it’s capable of doing, until one decides to use it for their own distribution efforts.

As things stand now, the best way to eliminate NullMixer from a compromised device is via a Windows reinstall.


Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
