Password-stealing Windows malware spreads via ads in search results

Cybersecurity researchers have detected a new strain of malware that can download a variety of threats and, unusually, is delivered through paid online adverts in search results.

Named MosaicLoader by the Bitdefender researchers who first ran into it, the malware is designed to infect devices of users looking for cracked software. 

“Systems infected with this malware become part of the network of machines that attackers can further infect with any piece of malware they want. During our analysis, we observed that the payloads delivered by the second stage are malware sprayers that download and run many other malicious files,” the researchers note in their analysis.

Once installed, the malware creates a complex chain of processes in its attempts to download additional threats, which could range from simple cookie stealers and cryptocurrency miners to fully-fledged backdoors such as Glupteba.

Capitalizing on software piracy

Bitdefender shares that adverts bearing links to the malware appear at the top of search results for users searching for cracked versions of popular proprietary software.

"Most likely, attackers are purchasing adverts with downstream ad networks – small ad networks that funnel ad traffic to larger and larger providers. They usually do this over the weekend when manual ad vetting is impacted by the limited staff on call," Bogdan Botezatu, director of threat research and reporting at Bitdefender, told ZDNet.

Bitdefender says that the campaign has no specific target countries or organizations, and indiscriminately delivers its payloads to users looking for cracked software.

The malware is believed to be the handiwork of a new cyberthreat group, and Bitdefender thinks its current form of distribution will keep it away from users who don’t go out looking for cracked software on the Internet.

Via ZDNet

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
