Kaspersky researchers have uncovered a new security threat, NullMixer, a malware stealing users credentials, address, credit card data, cryptocurrencies, and even Facebook and Amazon accounts.
Trying to download cracked software from third-party sites, more than 47,500 users were attacked with NullMixer, able to spy on users, capturing any information they're entering on the keyboard, Kaspersky researchers discovered.
NullMixer is actively distributed by cyber criminals via websites offering crack, keygen and activators for downloading software illegally. Such untrustworthy pages always pose a threat for users as instead of providing proper software, they infect victims' devices with malware, the researchers state.
In most cases, users receive adware or other unwanted software, but NullMixer is far more dangerous, as it can download a huge number of Trojans at once, which can lead to a large-scale infection of any computer network.
A typical infection takes place when attempting to download cracked software from one of these sites. The user is repeatedly redirected to a page containing a password-protected archived program and detailed instructions.
Everything looks normal as if the user is really about to download the software they need. However, following the instructions, the victim actually launches NullMixer, which drops multiple malware files on the infected machine, including downloaders, spyware, backdoors, bankers and other threats.
Among the threat families spread via NullMixer is the infamous RedLine stealer that hunts for credit card and cryptocurrency wallet data from infected machines, as well as Disbuk, also known as Socelar.
Stealing cookies from Facebook and Amazon with Disbuk, attackers can gain access to the victim's accounts from these sites, obtaining their credentials, address and even payment details. According to the researchers, cyber criminals specifically used professional SEO tools in order to maintain the first results of search engines, so they could easily be found when searching for cracks and keygens over the Internet and could target as many users as possible.
Haim Zigel, Security Researcher at Kaspersky, comments, "Any download of files from untrustworthy resources is a real game of roulette: you never know when it will fire, and which threat you will get this time. Receiving NullMixer, users get several threats at once.
"Any information you type on your keyboard will be available to the attackers: from messages you write to your friends on Facebook, the address you use to order on Amazon, to logins and passwords from your device or cryptocurrency accounts, and credit card data.
"As a result, the entire device with all your information is now in the hands of cybercriminals. Keep this in mind when you decide to download something from an unknown site, because this threat can always be avoided by using only licensed products and robust security solutions."
To protect from NullMixer, Kaspersky recommends:
- Only use trusted sources to download software. Malware and unwanted applications are often distributed through third-party resources where no one will check their security in the same way as official web stores do.
- Do not download pirated software or any other illegal content, even if you are redirected to it from a legitimate website.
- A safe practice is to check your online accounts regularly for unknown transactions. Even with careful Internet surfing, downloaded spyware can steal information as it is entered on safe websites. Spyware functions like a video camera giving another user a window to each action performed on the infected computer. The owner is usually unaware that the malware is on the computer and continues to add personal information into secure, bank websites.
- Use a robust security solution. Private browsing can help to avoid internet tracking and protect from threats.