"Hackers Use NullMixer and SEO to Spread Malware More Efficiently"

Security researchers at Kaspersky have spotted a new series of campaigns built around a malware tool they named NullMixer. According to the researchers, NullMixer is distributed through malicious websites that rank well in popular search engines, including Google. These sites typically offer cracks, keygens, and activators for pirated software, and while they pose as legitimate software downloads, what they deliver is a malware dropper. The researchers noted that when a user tries to download software from one of these sites, they are redirected several times and eventually land on a page with download instructions and a password-protected archive that is presented as the requested tool but actually contains the malware; the password keeps the archive's contents from being scanned before the user extracts it. When the user extracts the archive and runs NullMixer, it drops several malware files onto the compromised machine. These can include backdoors, banking trojans, credential stealers, and other families. The researchers stated that the families dropped by NullMixer include SmokeLoader/Smoke, LgoogLoader, Disbuk, RedLine, Fabookie, and ColdStealer. In 2022 alone, Kaspersky reported blocking attempts to infect more than 47,778 victims worldwide, mainly in Brazil, India, Russia, Italy, Germany, France, Egypt, Turkey, and the United States. The researchers stated that they are currently unable to attribute NullMixer to any specific group or threat actor.
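The infection chain described above (password-protected archive extracted by the user, an executable run from the extracted folder, that executable then dropping and launching several payloads) is visible in ordinary process-creation telemetry. The following is an added detection heuristic written for this summary; it is not Kaspersky's or Infosecurity's code. It assumes Sysmon-style process-creation events, parses WinRAR and 7-Zip extraction command lines for a password switch and a destination directory, and flags any process started from that directory shortly afterwards that spawns a burst of child processes. The sample events, process IDs, paths, and thresholds are constructed for illustration.

```python
"""Heuristic for a NullMixer-style chain: a password-protected archive is extracted,
then an executable run from the extracted folder spawns a burst of child processes."""
import re
from datetime import datetime, timedelta

# Constructed Sysmon-style process-creation events (not real telemetry):
# (UTC timestamp, pid, parent pid, image path, command line)
SAMPLE_EVENTS = [
    # the user extracts a password-protected "activator" archive with WinRAR ...
    ("2022-09-26T10:00:01", 4001, 3000, r"C:\Program Files\WinRAR\WinRAR.exe",
     r'"C:\Program Files\WinRAR\WinRAR.exe" x -p1234 "C:\Users\bob\Downloads\ActivatorSetup.rar" "C:\Users\bob\Downloads\ActivatorSetup\"'),
    # ... runs the extracted executable, which drops and launches several payloads
    ("2022-09-26T10:00:25", 4002, 3000, r"C:\Users\bob\Downloads\ActivatorSetup\setup.exe", "setup.exe"),
    ("2022-09-26T10:00:27", 4003, 4002, r"C:\Users\bob\AppData\Local\Temp\is-1\a.exe", "a.exe"),
    ("2022-09-26T10:00:28", 4004, 4002, r"C:\Users\bob\AppData\Local\Temp\is-1\b.exe", "b.exe"),
    ("2022-09-26T10:00:30", 4005, 4002, r"C:\Users\bob\AppData\Local\Temp\is-1\c.exe", "c.exe"),
    ("2022-09-26T10:00:31", 4006, 4002, r"C:\Users\bob\AppData\Local\Temp\is-1\d.exe", "d.exe"),
    # benign control: password-protected archive, one program run, a single helper child
    ("2022-09-26T11:00:00", 5001, 3000, r"C:\Program Files\7-Zip\7z.exe",
     r'"C:\Program Files\7-Zip\7z.exe" x -psecret "C:\Users\bob\Downloads\report.7z" -o"C:\Users\bob\Downloads\report\"'),
    ("2022-09-26T11:00:10", 5002, 3000, r"C:\Users\bob\Downloads\report\viewer.exe", "viewer.exe"),
    ("2022-09-26T11:00:12", 5003, 5002, r"C:\Windows\System32\conhost.exe", "conhost.exe"),
]

# Hypothetical thresholds; tune them against your own telemetry.
EXTRACT_TO_RUN = timedelta(minutes=10)   # extraction -> first execution from the folder
CHILD_BURST = timedelta(minutes=2)       # execution -> spawned children
MIN_CHILDREN = 3


def _norm_dir(path):
    """Lower-case a directory path and guarantee exactly one trailing backslash."""
    return path.strip('"').rstrip("\\").lower() + "\\"


def parse_extraction(cmdline):
    """Return (password_protected, destination_dir) for a WinRAR/7-Zip 'x'/'e'
    command line, or None if the command line is not an extraction."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if len(tokens) < 3 or tokens[1].lower() not in ("x", "e"):
        return None
    password = any(t.lower().startswith("-p") for t in tokens[2:])
    dest, positional = None, []
    for t in tokens[2:]:
        if t.lower().startswith("-o"):       # 7-Zip output directory switch
            dest = t[2:]
        elif t.startswith("-"):              # any other switch
            continue
        else:
            positional.append(t)             # archive, then (WinRAR) destination
    if dest is None and len(positional) >= 2:
        dest = positional[1]
    if dest is None:
        return None
    return password, _norm_dir(dest)


def find_dropper_chains(events, min_children=MIN_CHILDREN):
    """Flag processes started from a freshly extracted password-protected archive
    that spawn at least `min_children` children within CHILD_BURST."""
    parsed = [(datetime.fromisoformat(ts), pid, ppid, image, cmd)
              for ts, pid, ppid, image, cmd in events]
    extractions = []
    for ts, _, _, _, cmd in parsed:
        info = parse_extraction(cmd)
        if info and info[0]:                 # only password-protected extractions
            extractions.append((ts, info[1]))
    findings = []
    for ts, pid, _, image, _ in parsed:
        source = next((d for ets, d in extractions
                       if image.lower().startswith(d)
                       and timedelta(0) <= ts - ets <= EXTRACT_TO_RUN), None)
        if source is None:
            continue
        children = [c for c in parsed
                    if c[2] == pid and timedelta(0) <= c[0] - ts <= CHILD_BURST]
        if len(children) >= min_children:
            findings.append({"pid": pid, "image": image, "archive_dir": source,
                             "children": [c[3] for c in children]})
    return findings


if __name__ == "__main__":
    for hit in find_dropper_chains(SAMPLE_EVENTS):
        print(f"suspect dropper pid={hit['pid']} image={hit['image']} "
              f"children={len(hit['children'])} from archive dir {hit['archive_dir']}")
```

Run against the constructed events, the heuristic flags only setup.exe (four children within seconds of launch) and leaves the benign viewer.exe alone. The password check matters: ordinary archives extracted from the browser download folder are common, so requiring the extraction to have used a password, plus the child-process burst, keeps the rule from firing on every installer. In production the thresholds and the set of archiver command-line formats need tuning against real endpoint data.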

Infosecurity reports: "Hackers Use NullMixer and SEO to Spread Malware More Efficiently"