Cybercriminals continue to prey on software pirates by infecting their systems with dangerous malware capable of stealing their credentials, credit card data, cryptocurrencies and even their Facebook and Amazon accounts.
According to a new press release from the cybersecurity firm Kaspersky, the NullMixer malware is currently being distributed by cybercriminals via websites that offer to crack, generate keys for or activate illegally downloaded software.
When an unsuspecting user tries to download cracked software from third-party sites, they are repeatedly redirected to a website that contains a password-protected archived program along with detailed instructions. While everything looks normal, when a user follows the provided instructions, they actually launch NullMixer. This drops multiple malware files, including downloaders, spyware, backdoors and other threats on their computer.
NullMixer also drops other malware on a victim’s machine, including the infamous RedLine stealer, which hunts for credit card and cryptocurrency wallet data, and Disbuk. By stealing cookies from Facebook and Amazon, Disbuk allows the attackers to hijack your Facebook and Amazon accounts.
So far, more than 47,000 users have been infected by NullMixer. In addition to stealing a user’s online accounts, this malware is actually capable of spying on them and capturing any information they enter on their keyboard.
Using SEO to their advantage
Ranking high on Google is important for any website and by using search engine optimization (SEO) tools, the cybercriminals behind this campaign have made their malicious websites even easier to find.
According to Kaspersky, when a potential victim searches for “cracks” or “keygens” on Google Search, they’re more likely to find sites known for distributing NullMixer. Since the beginning of this year, the firm’s antivirus software has blocked attempts to infect almost 50,000 users. The countries most targeted by NullMixer include Brazil, India, Russia, Italy, Germany, France, Egypt, Turkey and the United States.
Haim Zigel, a security researcher at Kaspersky, provided further insight on this new malware campaign in a press release, saying:
“Any download of files from untrustworthy resources is a real game of roulette: you never know when it will fire, and which threat you will get this time. Receiving NullMixer, users get several threats at once. Any information you type on your keyboard will be available to the attackers: from messages you write to your friends on Facebook, the address you use to order on Amazon, to logins and passwords from your device or cryptocurrency accounts, and credit card data. As a result, the entire device with all your information is now in the hands of cybercriminals. Keep this in mind when you decide to download something from an unknown site, because this threat can always be avoided by using only licensed products and robust security solutions.”
How to stay safe from NullMixer
In order to avoid having your banking information stolen and your online accounts compromised, Kaspersky highly recommends that users only download software from trusted sources. This is because malware and other unwanted software are often distributed through third-party sites as they tend to have less security.
At the same time, you should never download pirated software or any other illegal content even if you are redirected from a legitimate website. Likewise, you should frequently check your online accounts for suspicious activity and unknown transactions.
Installing one of the best internet security suites can help you stay safe online and protect you from downloading malware and other viruses. If you do happen to become infected with NullMixer, you also might want to invest in the best identity theft protection so that you can recover your stolen financial accounts.