NullMixer malware spies on you and steals your online accounts — what you need to know


Cybercriminals continue to prey on software pirates by infecting their systems with dangerous malware capable of stealing their credentials, credit card data, cryptocurrencies and even their Facebook and Amazon accounts.

According to a new press release from the cybersecurity firm Kaspersky, the NullMixer malware is currently being distributed by cybercriminals via websites that offer to crack, generate keys for or activate illegally downloaded software.

When an unsuspecting user tries to download cracked software from third-party sites, they are repeatedly redirected to a website that contains a password-protected archived program along with detailed instructions. While everything looks normal, when a user follows the provided instructions, they actually launch NullMixer. This drops multiple malware files on their computer, including downloaders, spyware, backdoors and other threats.

The other malware NullMixer drops on a victim’s machine includes Disbuk and the infamous RedLine stealer, which hunts for credit card and cryptocurrency wallet data. By stealing cookies from Facebook and Amazon, Disbuk allows the attackers to hack your Facebook as well as your Amazon account.

So far, more than 47,000 users have been infected by NullMixer. In addition to stealing a user’s online accounts, this malware is actually capable of spying on them and capturing any information they enter on their keyboard.

Using SEO to their advantage

Ranking high on Google is important for any website and by using search engine optimization (SEO) tools, the cybercriminals behind this campaign have made their malicious websites even easier to find.

According to Kaspersky, when a potential victim searches for “cracks” or “keygens” on Google Search, they’re more likely to find sites known for distributing NullMixer. Since the beginning of this year, the firm’s antivirus software has blocked attempts to infect almost 50,000 users. The countries most targeted by NullMixer include Brazil, India, Russia, Italy, Germany, France, Egypt, Turkey and the United States.

Haim Zigel, a security researcher at Kaspersky, provided further insight on this new malware campaign in a press release, saying:

“Any download of files from untrustworthy resources is a real game of roulette: you never know when it will fire, and which threat you will get this time. Receiving NullMixer, users get several threats at once. Any information you type on your keyboard will be available to the attackers: from messages you write to your friends on Facebook, the address you use to order on Amazon, to logins and passwords from your device or cryptocurrency accounts, and credit card data. As a result, the entire device with all your information is now in the hands of cybercriminals. Keep this in mind when you decide to download something from an unknown site, because this threat can always be avoided by using only licensed products and robust security solutions.”

How to stay safe from NullMixer

In order to avoid having your banking information stolen and your online accounts compromised, Kaspersky highly recommends that users only download software from trusted sources. This is because malware and other unwanted software are often distributed through third-party sites as they tend to have less security.

At the same time, you should never download pirated software or any other illegal content even if you are redirected from a legitimate website. Likewise, you should frequently check your online accounts for suspicious activity and unknown transactions.

Installing one of the best internet security suites can help you stay safe online and protect you from downloading viruses and other malware. If you do happen to become infected with NullMixer, you also might want to invest in the best identity theft protection so that you can recover your stolen financial accounts.

Anthony Spadafora
Senior Editor Security and Networking
