In 2021, crime doesn't pay if you're not visible on Google. Apparently, this is what the creators of the new MosaicLoader malware family discovered. PC security company Bitdefender recently released a white paper detailing new malware that uses paid advertisements to trick users into downloading it… while they search for pirated games.
Bitdefender stated that MosaicLoader is delivered through downloaders that victims "seemingly" encounter when searching for pirated software (such as games and other applications). It's no secret that malware writers often target people who download cracked software, but the interesting thing about MosaicLoader is how far it goes to avoid being detected and how much trouble it can cause.
“We named it MosaicLoader because of the intricate internal structure that aims to confuse malware analysts and prevent reverse-engineering,” Bitdefender said in a blog post. MosaicLoader does a few notable things. One is creating local exclusions for specific file names in Windows Defender. By doing this, it tries to prevent Microsoft's antivirus software from taking action when these files start to misbehave.
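A defender-side check for the exclusion behaviour described above, as an added example that is not from Bitdefender's paper or the original article: it lists the local Microsoft Defender exclusions, notes which ones point at single files or user-writable folders, and shows the Defender configuration-change events (ID 5007) that mention exclusions. The list of user-writable locations and the file-extension pattern are assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example: audit Microsoft Defender exclusions on the local machine.
# Run elevated; without admin rights Defender may hide the exclusion values.

# Folders a standard user can usually write to (assumed list, adjust as needed).
$userWritable = @(
    $env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC,
    $env:ProgramData, (Join-Path $env:USERPROFILE 'Downloads')
) | Where-Object { $_ }

function Get-ExclusionRisk {
    param([string]$Value)
    $reasons = @()
    # Exclusion names one executable or script (extension list is an assumption).
    if ($Value -match '\.(exe|dll|scr|bat|cmd|ps1|vbs|js)$') {
        $reasons += 'names a single executable or script'
    }
    # No directory component at all.
    if ($Value -notmatch '[\\/]') { $reasons += 'no directory component' }
    foreach ($root in $userWritable) {
        if ($Value.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            $reasons += "under user-writable location $root"
            break
        }
    }
    $reasons
}

# 1. Current exclusions, each with the reasons it deserves a second look.
$pref = Get-MpPreference
$report = foreach ($kind in 'ExclusionPath', 'ExclusionProcess') {
    foreach ($value in @($pref.$kind)) {
        if (-not $value) { continue }
        [pscustomobject]@{
            Kind    = $kind
            Value   = $value
            Reasons = (Get-ExclusionRisk $value) -join '; '
        }
    }
}
$report | Sort-Object Kind, Value | Format-Table -AutoSize -Wrap

# 2. When exclusions were changed: event 5007 records Defender configuration changes.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5007
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '\\Exclusions\\' } |
    Select-Object TimeCreated, Message |
    Format-List
```

Any exclusion you did not create yourself, or that your administrator cannot account for, is worth investigating.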
As we have seen malware do time and time again, MosaicLoader also imitates file information from legitimate software. It tries to obfuscate its code by splitting it into smaller code snippets and randomizing the execution order. Bitdefender stated that the malware also has "classic anti-debugging tricks", such as preventing a debugger from doing its job.
Once installed on the system, MosaicLoader can cause all kinds of damage. This may include cookie stealers that try to hijack your login sessions to take over some of your online accounts. Having your Facebook or Twitter account hacked sounds annoying, but it can become a bigger problem. Malicious actors can find clues that help them delete other accounts related to the same person, or they can try to spread more malware by sending links to people who consider the victim a trusted friend.
MosaicLoader can also run the always annoying cryptocurrency miner in the background of your computer, using up CPU cycles and leaving you wondering why your PC has suddenly become so slow. The malware can also try to install backdoors that let malicious actors into the PC itself.
The bottom line is that MosaicLoader is not something you want on your system, because it strives to avoid detection and may cause various problems. The best defense is of course to avoid installing pirated software. Nowadays, the risk of pirated software is simply not worth it, especially if its code can find a way to bypass your defenses.
You have alternatives to cracked software that hides malware! You can often find popular games on sale on Steam, GoG, or Humble Bundle. Epic gives out gifts every week.