MosaicLoader: a New Malware that Steals Credentials

Many threats instantly make themselves known on your device the second they install themselves, like ransomware and other kinds of malware. Others, like the newly discovered threat called MosaicLoader, discreetly install themselves in the background of your device and cause issues behind the scenes. 

Cybersecurity organization BitDefender discovered MosaicLoader, a malware that is capable of stealing passwords, mining cryptocurrency, and installing trojan malware on infected computers. This malware specifically targets the Windows operating system.

MosaicLoader is somewhat of an oddity among malware, as it is distributed in a much different way from other types of malware. Most forms are distributed via phishing attacks or unpatched software vulnerabilities, while MosaicLoader spreads through advertisements. These advertisements appear when users search for cracked versions of software.

When we talk about cracked software, what we mean are versions of software where a license is not required. Usually whenever you purchase a copy of a software, you are also purchasing a license that gives you permission to use it. Without that license, the software may not operate, leading to operational issues. Sometimes employees might choose to download cracked software, especially if they do not want to pay for the license or if the license has expired on their copy of the software.

MosaicLoader works by infecting machines that download these cracked versions of software. The malware then starts to steal passwords, mine cryptocurrency, and install trojan backdoors on the devices to allow hackers to remotely access the machine. The ultimate goal of MosaicLoader seems to be to sell compromised Windows machines to the highest bidder. Since the goal seems to be to install on as many devices as possible, these hackers’ plans should in theory be foiled if the malware fails to install on enough devices.

Thus, it’s your responsibility as a business owner to protect this fate from befalling your own business, for both yourself and your employees, as well as others.

Due to the unique way that this malware spreads, you can do two things to keep your organization safe. The first is to make sure that all of your employees have access to the tools they need to be productive throughout the workday. Since this malware spreads through advertisements for cracked software, ensuring that your workers have properly licensed software will keep them from searching for new software.

The second is through comprehensive security solutions and thorough network monitoring. By keeping your defenses shored up and a close watch on your network traffic, you can be sure to prevent the majority of threats and identify when anything suspicious has manifested on your infrastructure. Macro Systems can most certainly help in this regard. To learn how we can help you keep your business safe, reach out to us at 703-359-9211.