Cybercriminals are apparently targeting machines in Italy and France with a new malicious NullMixer operation, cybersecurity experts have found.
The campaign mainly aims at devices running Windows operating systems, including Windows 10 Professional, Enterprise and Server. However, experts found users of Windows Embedded among the victims, indicating that the malware also slithered into IoT devices.
The NullMixer malware is notorious for dropping an array of malicious components on targeted systems, including stealers, spyware, downloaders and banking Trojans. After gaining access to the endpoints, the criminals steal sensitive data and sell it on underworld markets.
Perpetrators were leveraging various malware-spreading techniques, such as social engineering and SEO poisoning. NullMixer’s recent campaign enticed system administrators to download backdoored versions of popular PC maintenance tools, providing attackers an entry point to infected systems.
“The NullMixer package is including new polymorphic loaders by third parties MaaS and PPI service providers in the underground markets, and also pieces of controversial, potentially North-Korean linked PseudoManuscript code,” reads Security Affairs’ technical report.
The report says the operation compromised more than 8,000 machines in just 30 days, “with a particular emphasis on North American, Italian, and French targets.”
It also shows that the malware employs some rudimentary defense-evasion techniques, such as checking for the presence of video controllers used by emulation frameworks and common usernames set by AV emulation routines or sandboxes.
Researchers spotted another hint that could reveal the threat actors’ agenda: the malware avoids executing stealer routines if the compromised machine is set to a CIS country system language, including:
Specialized software such as Bitdefender Ultimate Security can protect you from cyberthreats with its extensive library of features, including:
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.