Showing results for tags '‘mosaicloader’'.

Found 1 result

  1. Cybersecurity researchers from Bitdefender discovered a new malware, “MosaicLoader,” which is targeting users looking online for pirated software.

     Adversaries often target users with various phishing tactics. But sometimes, unwitting users fall into a hacker’s trap, revealing their private data to attackers. Cybersecurity researchers from Bitdefender recently identified a new malware variant that targets users who are looking online for pirated software. Tracked as MosaicLoader, the malware is distributed via paid advertisements in search results, specially crafted to trick users into clicking the malicious ad links, which then infect their devices.

     Once deployed on the system, MosaicLoader creates a complex chain of processes and automatically downloads additional payloads like cookie stealers, crypto-currency miners, and backdoors like Glupteba. Glupteba is a Trojan with advanced features that could turn the infected system into a remotely controlled bot and steal personal information.

     MosaicLoader’s Infection Flow

     Initially, the MosaicLoader malware adds local exclusions in Windows Defender for legitimate-looking filenames to evade security detections. The malware then deploys additional malware payloads to gain persistent access to the targeted device. The execution flow of MosaicLoader includes: creating a fake software file > code obfuscation with execution order > auto-downloading several malware strains.

     Impact

     In addition to MosaicLoader, Bitdefender researchers also identified a malware sprayer distributing Facebook cookie stealers to access users’ login cookies from browsers. This allows threat actors to take over victims’ Facebook accounts, deploy malware, and steal identities. They even leveraged a variety of RATs like AsyncRAT and PowerShell Dropper for their cyberespionage campaigns to log users’ keystrokes and obtain audio from the microphone and images from the infected system.

     “Due to MosaicLoader’s capabilities, user privacy may be severely affected. The malware sprayer can deliver Facebook cookie stealers on the system that might exfiltrate login data, resulting in complete account takeovers, posts that can harm the reputation of businesses or persons, or posts that spread malware. Another significantly dangerous malware delivered through MosaicLoader is the Remote Access Trojans. They can log keypresses on the system, record audio from the microphone and images from the webcam, capture screenshots, etc. With this private information, attackers can take over accounts, steal digital identities and attempt to blackmail victims,” Bitdefender said.

     Indicators of Compromise

     URLs

       • t1.cloudshielding.xyz
       • c1.checkblanco.xyz
       • s1.chunkserving.com
       • m1.uptime66.com
       • 5a014483-ff8f-467e-a260-28565368d9be.certbooster.com
       • 0129e158-aa17-4900-99a6-30f4a49bd0a4.nordlt.com
       • Integral.hacking101.net

     IP Address

       • 195.181.169.92

     Mitigation

     While the MosaicLoader campaign has not targeted any specific countries or sectors, the attackers are mostly targeting personal computers. To prevent MosaicLoader infections:

       • Organizations should apply the indicators of compromise (IOCs) to endpoint detection and response (EDR) systems
       • Ensure employees avoid downloading pirated software or applications
       • Always download from authentic sources
       • Keep devices updated
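An added example, not part of the original post or of Bitdefender's report: one way to apply the indicators listed above to proxy or DNS logs when no EDR is available. The log format and the sample lines are constructed for illustration; matching is case-insensitive and on whole hostnames or their subdomains, so lookalike hosts that merely contain an indicator are not flagged.

```python
import ipaddress
import re

# Indicators copied from the article's "Indicators of Compromise" list.
IOC_DOMAINS = {
    "t1.cloudshielding.xyz", "c1.checkblanco.xyz", "s1.chunkserving.com",
    "m1.uptime66.com", "integral.hacking101.net",
    "5a014483-ff8f-467e-a260-28565368d9be.certbooster.com",
    "0129e158-aa17-4900-99a6-30f4a49bd0a4.nordlt.com",
}
IOC_IPS = {ipaddress.ip_address("195.181.169.92")}
TOKEN = re.compile(r"[A-Za-z0-9._-]+")  # host-like or IP-like runs

def match_line(line):
    """Return the sorted indicators found in one log line."""
    hits = set()
    for token in TOKEN.findall(line):
        # DNS names are case-insensitive and may carry a trailing root dot.
        host = token.lower().rstrip(".")
        try:
            if ipaddress.ip_address(host) in IOC_IPS:
                hits.add(host)
            continue
        except ValueError:
            pass  # not an IP literal, treat it as a hostname
        for ioc in IOC_DOMAINS:
            # Exact host or a subdomain of it; never a bare substring match.
            if host == ioc or host.endswith("." + ioc):
                hits.add(ioc)
    return sorted(hits)

def scan(lines):
    """Map 1-based line numbers to the indicators seen on that line."""
    report = {}
    for number, line in enumerate(lines, 1):
        hits = match_line(line)
        if hits:
            report[number] = hits
    return report

# Constructed sample log lines (assumed format, not taken from the article).
SAMPLE_LOG = [
    "2021-07-21T10:02:11Z 10.0.0.12 dns query Integral.Hacking101.NET. A",
    "2021-07-21T10:02:15Z 10.0.0.12 GET http://s1.chunkserving.com/x 200",
    "2021-07-21T10:03:40Z 10.0.0.31 CONNECT 195.181.169.92:443",
    "2021-07-21T10:04:02Z 10.0.0.31 GET http://s1.chunkserving.com.example.org/ 200",
    "2021-07-21T10:05:09Z 10.0.0.44 dns query updates.example.com A",
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG).items():
        print(number, ", ".join(hits))
```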