"MosaicLoader Malware Delivers Facebook Stealers, RATs"
Researchers at Bitdefender have discovered a never-before-documented Windows malware strain dubbed MosaicLoader. MosaicLoader is spreading indiscriminately worldwide through paid ads in search results, targeting people looking for pirated software and games. It masquerades as a cracked software installer, but in reality it is a downloader that can deliver any payload to an infected system, which the researchers say makes it potentially profitable for the adversaries behind it as a delivery service.

According to the researchers, MosaicLoader downloads a malware sprayer that obtains a list of URLs from the command-and-control (C2) server and downloads the payloads from the received links. They observed the malware sprayer delivering Facebook cookie stealers, which exfiltrate login data. This allows cyberattackers to take over accounts, create posts that spread malware, or cause reputational damage. The researchers also stated that MosaicLoader is spreading the Glupteba backdoor and a variety of RATs for espionage purposes, which can log keystrokes, record audio from the microphone and images from the webcam, capture screenshots, and so on. Other threats observed so far include cryptocurrency miners.
Threatpost reports: "MosaicLoader Malware Delivers Facebook Stealers, RATs"