NullMixer Dropper Delivers a Multimalware Code Bomb

[upnorth]

Content source

https://www.darkreading.com/remote-workforce/nullmixer-multi-malware-dropper-code-bomb

It's only after a user clicks a malicious link, downloads the malware, and then launches it that NullMixer is deployed. But once the dropper infects a victim's system, it deploys a whole bunch of bad malware, from spyware to Trojans.

The multihyphenated malware threat lurks among sites promising licensed software workarounds and fake security key generators, according to Kaspersky, which just published a report on NullMixer. The malicious domains appear legitimate to users because those sites have found their way up to the first page of the Google search rankings for keywords like "cracked software" and "keygen," using advanced search engine optimization (SEO) tools, Kasperky said. Unfortunately, it's not just home users at risk — thanks to the work-from-home phenomenon and people using personal devices for work purposes, the danger to companies from these kinds of threats is clear and present.

NullMixer Dropper Delivers a Multimalware Code Bomb

In one shot, Trojan dropper NullMixer installs a suite of downloaders, banking Trojans, stealers, and spyware on victims' systems.

www.darkreading.com