A common method threat actors use to infect systems is cracked software that users install on their devices. Recently, a new and particularly dangerous attack of this kind, named NullMixer, has surfaced. In this article, we analyze how this attack works and why every organization must be prepared to face it.
The Threat of NullMixer
NullMixer is disguised as a cracked software program or some other app that prompts the user to ignore antivirus warnings. The sites distributing it reach the top of search results through SEO. The attack is very dangerous because a single infection delivers about a dozen different malware families, including bankers, backdoors and credential stealers. All of them start running simultaneously, crippling the performance of the system. Below we list some of the most important of these malware families.
- SmokeLoader: Its main function is downloading and executing payloads. It can also disable Windows Defender and uses anti-analysis techniques.
- RedLine Stealer: Its purpose is to steal credentials and information from browsers, as well as credit card details and cryptocurrency wallets.
- PseudoManuscrypt: This malware usually infects government organizations and research laboratories. Its main threats are spying, keylogging and stealing cryptocurrency.
- ColdStealer: A new malicious program discovered in 2022. It steals credentials and data from web browsers and cryptocurrency wallets, FTP credentials, various files, and information about the system.
- CsdiMonetize: Its purpose is to download even more malware families or PUAs (Potentially Unwanted Applications).
- DanaBot: Malware built from various additional modules. These modules steal information from infected machines and inject fake forms into social media and e-commerce sites to collect payment data. DanaBot can also give the operator full remote access to a system, including mouse and keyboard control.
These are only some of the malware families that can infect a device through NullMixer, but there are a lot more not covered in this article.
NullMixer is very dangerous for a device not only because it installs many malware families at once, but also because several of them are credential stealers. Stolen credentials leave a device and its network open to further attacks, which could be catastrophic for a company. Every organization should therefore be prepared to face these threats.
Logstail provides a complete log management solution, which every organization needs today, and brings this functionality to your hands. You can convert your data into actionable insights with just a few tweaks and prevent performance and security issues. You can maximize the performance of your infrastructure or be notified of potential problems so you can take the appropriate actions.
At Logstail we also offer the full range of services required to effectively mitigate cyber-attacks. Incident response and consulting, penetration testing and red team operations all aim to help our customers reduce their cyber incidents. Sign up for a free demo to realize the power of Logstail!