NullMixer Dropper offers a multimalware code bomb

Only after a user clicks on a malicious link, downloads the malware, and then runs it, does NullMixer deploy. But once the dropper infects a victim’s system, it deploys a whole host of malware, from spyware to Trojans.

The multi-hyphenated malware threat lurks among sites that promise licensed software workarounds and fake security key generators, according to Kaspersky, which has just published a report on NullMixer.

Malicious domains appear legitimate to users because these sites have reached the first page of Google search rankings for keywords such as “cracked software” and “keygen” using advanced search engine optimization (SEO) tools, Kaspersky said. Unfortunately, it’s not just home users who are at risk: thanks to the phenomenon of working from home and people using personal devices for work, the danger to businesses from these types of threats is clear and present.

“NullMixer runs many instances of malware at the same time, and more than half of them are malicious downloaders,” Kaspersky’s report said. “That is, once launched, they plant something else (or, more likely, things) on your system. As a result, instead of the program you want, you get a lot of malware.”

Banking trojans such as DanaBot, a theft suite that includes RedLine, and spyware, most notably the PseudoManuscrypt trojan, are just some of the types of malware carried by NullMixer, the report said.

“As we said at the beginning, downloading pirated software is always a risky business,” Kaspersky stressed in its NullMixer brief.

About the Author: Ted Simmons
