New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection

[CyberTech]

Content source

https://thehackernews.com/2021/07/this-new-malware-hides-itself-among.html

Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign.

"The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers said in a report shared with The Hacker News. "The malware arrives on target systems by posing as cracked installers. It downloads a malware sprayer that obtains a list of URLs from the C2 server and downloads the payloads from the received links."

 

[Gandalf_The_Grey]

It's worth pointing out that such Windows Defender exclusions can be found in the registry keys listed below:

• File and folder exclusions - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
• File type exclusions - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions
• Process exclusions - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes

 

[ForgottenSeer 85179]

and three three locations are empty by default

 

[SumTingWong]

What about 3rd party av?

 

[Jamieshaw]

I'm am very new to any kind of technology