Security News > 2021 > July > MosaicLoader Malware Delivers Facebook Stealers, RATs
A never-before-documented Windows malware strain dubbed MosaicLoader is spreading worldwide, acting as a full-service malware-delivery platform that's being used to infect victims with remote-access trojans, Facebook cookie stealers and other threats.
"The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," researchers at Bitdefender explained, in an analysis released on Tuesday.
Researchers observed the malware sprayer delivering Facebook cookie stealers, which exfiltrate login data - this allows cyberattackers to take over accounts, create posts that spread malware or those that cause reputational damage.
Exe file at first seems to be a "Big blob of packed data," researchers said - but reverse-engineering the file reveals a function call that transfers the execution of the malware from the main code section to a secondary one.
The malware sprayer's objective is to download a list of malware from a list of URLs controlled by the attackers that host malware, and to execute them.
"Systems infected with this malware become part of the network of machines that attackers can further infect with any piece of malware they want," warned researchers.
News URL
https://threatpost.com/mosaicloader-malware-facebook-stealers/167939/
Related news
- New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT (source)
- Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware (source)
- Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data (source)