"NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month"

A new version of the NullMixer dropper incorporates polymorphic loaders from Dark Web Malware-as-a-Service (MaaS) and Pay-Per-Install (PPI) providers. It is being used to target organizations in North America, Italy, and France. The malware, which is a known threat, often installs a suite of downloaders, banking Trojans, stealers, and spyware on victims' computers in a single operation. According to a NullMixer analysis conducted by Security Affairs, further improvements make the threat considerably more dangerous because the malware can now adapt to any environment it infects. The analysis also describes how threat actors have used Search Engine Optimization (SEO) poisoning and malicious video tutorials to trick Information Technology (IT) staff into installing the new malware. The newly updated NullMixer malware has gained initial access to over 8,000 endpoints in just one month, stealing data to sell to brokers on underground marketplaces. This article continues to discuss the new NullMixer polymorphic malware variant.

Dark Reading reports "NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month"