
Enhanced NullMixer Polymorphic Malware Shifts Focus to Italian, French Endpoints

Vlad CONSTANTINESCU

March 29, 2023


Cybercriminals are apparently targeting machines in Italy and France with a new malicious NullMixer operation, cybersecurity experts have found.

The campaign mainly targets Windows systems, including Windows 10 Professional, Windows 10 Enterprise and Windows Server. However, the researchers also found Windows Embedded among the victim platforms, indicating that the malware reached embedded and IoT devices as well.

The NullMixer malware is notorious for dropping an array of malicious components on targeted systems, including stealers, spyware, downloaders and banking Trojans. After gaining access to the endpoints, the criminals steal sensitive data and sell it on underworld markets.

The perpetrators used several distribution techniques, such as social engineering and SEO poisoning. In the recent campaign, NullMixer lured system administrators into downloading backdoored versions of popular PC maintenance tools, which gave the attackers their initial foothold on the infected systems.

“The NullMixer package includes new polymorphic loaders by third-party MaaS and PPI service providers in the underground markets, and also pieces of controversial, potentially North-Korean linked PseudoManuscrypt code,” reads Security Affairs’ technical report.

The report says the operation compromised more than 8,000 machines in just 30 days, “with a particular emphasis on North American, Italian, and French targets.”

It also shows that the malware employs some rudimentary defense-evasion techniques, such as checking for video controllers associated with emulation frameworks and for the default usernames that AV emulators and sandboxes assign to their test accounts.

Researchers spotted another hint that could reveal the threat actors’ agenda: the malware skips its stealer routines when the compromised machine’s system language corresponds to one of the following CIS (Commonwealth of Independent States) countries:

  • AZ: Azerbaijan
  • AM: Armenia
  • BY: Belarus
  • KZ: Kazakhstan
  • KG: Kyrgyzstan
  • MD: Moldova
  • RU: Russia
  • TJ: Tajikistan
  • TM: Turkmenistan
  • UZ: Uzbekistan
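The two host checks described above (the emulator/sandbox fingerprint and the CIS locale kill-switch) are easy to reproduce on the analyst side, which is useful for verifying that a detonation sandbox would not simply be skipped. The script below is an added example written for this article; it is not NullMixer code or code from the Security Affairs report. The CIS country codes are the ones listed above; the video-controller markers and sandbox usernames are assumptions, since the report excerpt quoted here does not name the exact strings the malware looks for.

```python
"""Analyst-side reproduction of the host checks attributed to NullMixer above:
(1) an emulator/sandbox fingerprint based on video controller names and default
sandbox usernames, and (2) a locale kill-switch for CIS country codes.
Added example, not NullMixer code; the indicator strings are assumptions."""
import getpass
import locale
import platform
import subprocess

# Country codes listed in the article as the malware's skip list.
CIS_COUNTRY_CODES = {"AZ", "AM", "BY", "KZ", "KG", "MD", "RU", "TJ", "TM", "UZ"}

# ASSUMED indicators: the article does not name the exact strings checked.
EMULATOR_VIDEO_MARKERS = ("vmware", "virtualbox", "vbox", "qemu", "hyper-v",
                          "bochs", "parallels", "red hat qxl")
SANDBOX_USERNAMES = {"sandbox", "malware", "virus", "sample", "test",
                     "currentuser", "john doe", "user", "admin"}


def looks_like_emulator(video_controllers, username):
    """Return the list of matched indicators; an empty list means the host
    would pass the (assumed) fingerprint and the payload would proceed."""
    hits = []
    for name in video_controllers:
        lowered = name.lower()
        if any(marker in lowered for marker in EMULATOR_VIDEO_MARKERS):
            hits.append(f"video controller: {name}")
    if username.strip().lower() in SANDBOX_USERNAMES:
        hits.append(f"username: {username}")
    return hits


def country_from_locale(tag):
    """Extract the two-letter region subtag from tags such as 'ru-RU',
    'ro_MD', 'zh-Hant-TW'. Returns None for tags without a region ('C')."""
    parts = tag.replace("_", "-").split("-")
    for part in parts[1:]:
        if len(part) == 2 and part.isalpha():
            return part.upper()
    return None


def stealer_would_run(tag):
    """Per the report, the stealer routines are skipped on CIS locales."""
    return country_from_locale(tag) not in CIS_COUNTRY_CODES


def local_video_controllers():
    """Video controller names of this host. Only implemented for Windows
    (via Get-CimInstance); returns an empty list elsewhere."""
    if platform.system() != "Windows":
        return []
    out = subprocess.run(
        ["powershell", "-NoProfile", "-Command",
         "(Get-CimInstance Win32_VideoController).Name"],
        capture_output=True, text=True, check=False).stdout
    return [line.strip() for line in out.splitlines() if line.strip()]


def host_profile():
    """Evaluate the current host the way the described checks would."""
    tag = locale.getlocale()[0] or "C"
    user = getpass.getuser()
    return {
        "locale": tag,
        "emulator_indicators": looks_like_emulator(local_video_controllers(), user),
        "stealer_would_run": stealer_would_run(tag),
    }


if __name__ == "__main__":
    # Constructed sample hosts, for a quick offline demonstration.
    for controllers, user, tag in [
        (["VMware SVGA 3D"], "alice", "fr-FR"),
        (["NVIDIA GeForce RTX 3060"], "sandbox", "it-IT"),
        (["NVIDIA GeForce RTX 3060"], "alice", "ru-RU"),
    ]:
        print(tag, looks_like_emulator(controllers, user), stealer_would_run(tag))
    print("this host:", host_profile())
```

Run it inside a sandbox image before detonating samples: if `emulator_indicators` is non-empty or `stealer_would_run` is false, a sample using checks like the ones described would stay dormant, and the analysis would show nothing.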

Specialized software such as Bitdefender Ultimate Security can protect you from cyberthreats with its extensive library of features, including:

  • All-around, 24/7 monitoring and protection against viruses, worms, Trojans, spyware, rootkits, zero-day exploits and other e-threats
  • Behavioral detection module that closely monitors active apps and takes instant action upon detecting suspicious activity
  • Network threat prevention technology that blocks suspicious network-level activity, including brute force attacks, botnet-related URLs and sophisticated exploits
  • Vulnerability assessment module that identifies security risks on your machine, such as outdated software, missing security patches, and unsafe system settings, then suggests the best fix
