MosaicLoader Malware Delivers Facebook Stealers, RATs
2021-07-20 12:39

A never-before-documented Windows malware strain dubbed MosaicLoader is spreading worldwide, acting as a full-service malware-delivery platform that's being used to infect victims with remote-access trojans, Facebook cookie stealers and other threats.

"The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," researchers at Bitdefender explained, in an analysis released on Tuesday.

Researchers observed the malware sprayer delivering Facebook cookie stealers, which exfiltrate login data. This allows cyberattackers to take over accounts and create posts that spread malware or cause reputational damage.

The exe file at first seems to be a "big blob of packed data," researchers said, but reverse-engineering the file reveals a function call that transfers the execution of the malware from the main code section to a secondary one.

The malware sprayer's objective is to download malware from a list of attacker-controlled URLs that host it, and to execute it.

"Systems infected with this malware become part of the network of machines that attackers can further infect with any piece of malware they want," warned researchers.


News URL

https://threatpost.com/mosaicloader-malware-facebook-stealers/167939/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Facebook 30 2 44 52 19 117