No Comments

Windows password stealing malware spreads in paid search engine ads


A new type of malware is using ads displayed on search engines like Google and Bing to spread. Discovered by security company BitDefender, the threat is capable of stealing Windows passwords, installing cryptocurrency miners (cryptojacking) and opening the door for trojans and other threats to enter a machine.

The malware was dubbed MosaicLeader and focuses on Microsoft’s operating system, creating Windows Defender exceptions for specific filenames. BitDefender claims that the name was chosen because of the threat’s intricate internal structure, which is intended to avoid its reverse engineering and analysis by security experts.

MosaicLeader spreads through paid advertisements, which promise to offer interested users to download pirated software. On infiltrating a system, it creates a complex chain of processes and tries to download various additional threats, including cookie thieves, miners and even backdoors (pests that open access holes) like Grupteba.

To avoid the distrust of victims, MosaicLeader reproduces all the information and file systems of the software it promises to offer for free. However, even though folder names and structures are copied, only the malicious program is actually installed on victims’ machines.

Home users are the main targets

Analysis conducted by the security company shows that the malware does not target specific countries or organizations. However, as it is associated with illegal downloading of protected products, the main victims are expected to be home users in search of cracked programs.

Distribution via search engines carries an additional risk, as paid ads tend to gain more prominence over those deemed legitimate. As these advertisements are acquired through an automated system, chances are that the companies operating it will know that the promoted links contain malware before they are reported.

BitDefender advises that users who want to stay safe from malware should avoid downloading any files from suspicious websites, especially those that promise unlocked and free versions of paid apps. She also advises companies to adopt additional safeguards to prevent employees on Home Office systems from being affected.


Source: ZDNetBitDefender, CanalTech.

You might also like

More Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.