This malware steals users’ credentials, addresses, credit card data, cryptocurrencies, and even Facebook and Amazon accounts.
The Infection Chain of NullMixer Malware
NullMixer is a dropper that starts an infection chain involving a wide variety of malware families. It spreads via malicious websites that are found mainly through search engines; these websites use SEO techniques to stay at the top of search engine results.
“When users attempt to download software from one of these sites, they are redirected multiple times, and end up on a page containing the download instructions and archived password-protected malware masquerading as the desired piece of software,” Kaspersky said.
After the user extracts the archive with the supplied password and runs the installer, the malware executes. It then drops a wide variety of malicious binaries onto the machine, including backdoors, bankers, downloaders, spyware and many others.
Kaspersky security solutions have blocked attempts to infect more than 47,500 users worldwide. Some of the most targeted countries are Brazil, India, Russia, Italy, Germany, France, Egypt, Turkey and the United States.
Therefore, a single file downloaded from an unreliable source can lead to a large-scale infection of a computer system. Researchers say a large proportion of the malware families dropped by NullMixer are classified as ‘Trojan-Downloaders’. The malware infections will not be limited to the malware families described in this report.
“This threat can always be avoided by using only licensed products and robust security solutions,” says Haim Zigel, security researcher at Kaspersky.