This new password-stealing Windows malware is distributed via ads for cracked software
Cybersecurity company Bitdefender has discovered a new form of malware that is delivered to victims via advertisements that appear in search results. Bitdefender states that the malware is being used as a gateway for attackers to steal passwords, deliver additional malware, and install cryptocurrency miners. The malware targets Windows devices and has been named MosiacLoader. The malware has already infected victims across the world as attackers attempt to target as many systems as possible. MosiacLoader can also be used to install a threat called Glupteba onto compromised machines, another type of malware that creates a backdoor into infected systems. According to researchers, this tactic can be used to steal sensitive information such as passwords, usernames, and financial data.
MosiacLoader is popping up in malicious links at the top of search results, often when people are seeking to find cracked versions of popular software. Due to the fact that automated systems are used to buy and sell advertising space, nobody in the chain knows that the advertisements are malicious. Bitdefender stated that it is possible that MosiacLoader would be detected by antivirus software, but users already aiming to use illegally cracked software have likely turned built-in protections off in order to install the download.