Researchers at Kaspersky have discovered a new campaign spreading NullMixer, a malware that steals credentials, addresses, credit card data, cryptocurrencies, and even Facebook and Amazon accounts.
While attempting to download software from third-party sites, about 10,000 Brazilians were attacked, representing more than 20% of the 47,000 detections worldwide.
Brazil suffered 2.5 times more attacks by this malware than second-placed India.
Cybercriminals actively distribute NullMixer through websites offering pirated computer programs and activators downloading software illegally.
In most cases, users already receive some adware or unwanted software through an illegal software.
NullMixer differs in that it is much more dangerous, as it can perform a massive trojan download and cause a large-scale infection on devices.
KASPERSKY EXPLAINS HOW THE ATTACK WORKS
When attempting to download the cracked software from one of these sites, the victim is redirected to a page containing a password-protected program and detailed instructions.
Everything looks normal, as if the individual is actually about to download the software.
However, following the instructions, the person launches NullMixer, which launches several malware files on the infected machine, including spyware, backdoors, bank-robbing Trojans, and other threats.
Among the threats spread by NullMixer is RedLine, which like the Disbuk malware – also known as Socelar – hunts credit card and cryptocurrency data from infected computers.
By stealing Facebook and Amazon cookies with Disbuk, scammers can access the victim’s accounts and use their credentials, address, and payment details.
Cybercriminals also use professional SEO tools to stay at the top results of search engines.
It makes it easy for malicious sites to be found with searches for terms such as “cracks” and “keygens”, increasing the reach of the scam.
RULE NUMBER ZERO: DON’T DOWNLOAD PIRATED PROGRAMS
“Any downloading of files from untrusted sources is a real roulette: you never know if what is downloaded is the expected software or if it will come with some malware as a bonus.
“With NullMixer, any information you type on your keyboard will be available to scammers: from messages sent to your friends on social networks to logins and passwords for your device or cryptocurrency accounts.
“Keep this in mind when you decide to download from an unknown site because this threat can always be avoided by using only licensed products and robust security solutions,” comments Fabio Assolini, Director of Kaspersky’s Global Research and Analysis Team in Latin America.
To protect yourself from NullMixer, Kaspersky recommends:
Use only trusted sources to download software. Unwanted malware and Trojans are often distributed through third-party resources, where security is not verified in the same way as official web stores.
Regularly check your online accounts for unknown transactions. Even with careful Internet browsing, downloaded spyware can steal information as it is entered into secure sites.
Spyware works like a video camera, giving someone else a window into every action performed on the infected computer. Usually, the owner is unaware that the malware is on the computer and continues to add personal information on secure banking sites.
Use a robust security solution. Private browsing can help you avoid Internet tracking and protect you from threats.
With information from Homework