Ads for cracked software hide malware to steal passwords

The new Windows malware uses to steal passwords and reaches targets via ads for cracked software. MosaicLoader, as researchers dubbed it, can also deliver trojan malware and install crypto miners.

According to specialists, attackers try to sell access to Windows PCs to other criminals.

They steal passwords using search ads

The new malware reaches the victims’ computers via ads in search results. Thus, attackers use it as a gateway in order to steal passwords. Moreover, they can also install cryptocurrency miners and deliver trojan malware.

Bitdefender explained that MosaicLoader targets Windows users. Those behind it try to compromise as many computers as possible. So, Bitdefender specialists mentioned that it has already infected users around the world.

Using MosaicLoader, attackers can download Glupteba, for instance/ Thus, they can steal usernames and passwords or financial data.

A special “delivery”

Security researchers emphasize that the new malware reaches victims’ computers via advertising. And this is quite a new delivery way. Usually, attackers use phishing attacks or vulnerabilities.

When users search for cracked versions of popular software, the malware appears at the top of the search results. But only attackers know these ads are malicious.

The most vulnerable victims are employees working from home.

The security company said that employees working from home are at higher risk of downloading cracked software. According to Bitdefender, hackers choose to purchase ad slots via small networks, over the weekend. Thus, as checking teams are smaller, their ads go through manual examination.

Antivirus software is not enough

Specialists mention that antivirus software can detect the malware. Still, users turn off their protection in order to download and install cracked software.

Moreover, the download mimics the information of a legitimate software at a very detailed level: names and descriptions.

But they download MosaicLoader and the attackers get access to their machines. Then, hackers steal usernames and passwords and operate crypto miners. Also, they drop trojan malware and get backdoor access to machines.

Experts suspect that the real aim of the campaign is to sell access to the compromised computers.

Bogdan Botezatu, director of threat research and reporting at Bitdefender, told ZDNet that the group is completely new. He advised users to never turn off antivirus software.

Still, the best way to keep such threats away is to use one of the best ad blockers.