In 2021, crime doesn’t pay if you can’t be found on Google. That’s apparently what the creators of the new MosaicLoader family of malware discovered. PC security company Bitdefender recently published a whitepaper detailing the new malicious software that lures users to download it via paid ads…for pirated games.
Bitdefender says MosaicLoader is delivered through downloaders that victims “seemingly” find when searching for pirated software such as games and other applications. It’s no secret that malware creators often target people downloading cracked software, but what’s interesting about MosaicLoader is how hard it works to avoid detection and how problematic it can be.
Don’t download sketchy cracked software! We’ve already found the best free PC games and the best free software for your PC. You’ll stay MosaicLoader-free, too.
“We named it MosaicLoader because of the intricate internal structure that aims to confuse malware analysts and prevent reverse-engineering,” Bitdefender said in a blog post. MosaicLoader does a number of interesting things. It carves out local exclusions in Windows Defender for specific file names. The exclusions are meant to stop Microsoft’s antivirus from taking action if those files start getting up to no good.
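To check a Windows PC for the kind of Defender exclusions described above, the following PowerShell is an added example, not code from Bitdefender's whitepaper or the original article. It lists the configured exclusions and recent exclusion changes; the 30-day window and the rule for flagging entries (a bare file name, or a location in a user-writable folder) are assumptions chosen for illustration.

```powershell
# Added example: review Microsoft Defender exclusions on the local PC.
# Run in an elevated PowerShell session; unelevated sessions may only see
# "N/A: Must be an administrator to view exclusions".
$pref = Get-MpPreference

# Folders a standard user can write to (assumed heuristic, not from the whitepaper).
$userWritable = @($env:USERPROFILE, $env:ProgramData, $env:PUBLIC, $env:TEMP) |
    Where-Object { $_ }

$current = foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($value in @($pref.$kind)) {
        if (-not $value -or $value -like 'N/A*') { continue }
        # Flag entries given as a bare file name (as the article describes)
        # or located in a user-writable folder.
        $bareName  = ($kind -ne 'ExclusionExtension') -and ($value -notmatch '[\\/]')
        $inUserDir = [bool]($userWritable | Where-Object {
            $value.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
        })
        [pscustomobject]@{
            Kind   = $kind
            Value  = $value
            Review = ($bareName -or $inUserDir)
        }
    }
}

# Event ID 5007 records Defender configuration changes, including exclusion edits.
$since   = (Get-Date).AddDays(-30)   # assumed look-back window
$changes = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5007
        StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '\\Exclusions\\' } |
    Select-Object TimeCreated, Message

"Configured exclusions:"
$current | Sort-Object Review -Descending | Format-Table -AutoSize
"Exclusion changes since $($since.ToString('yyyy-MM-dd')):"
$changes | Format-List
```

Any entry you did not add yourself, especially one marked `Review`, is worth removing with `Remove-MpPreference` and following up with a full scan.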
As we’ve seen time and again with malware, MosaicLoader also mimics file information from legitimate software. It tries to obfuscate its code by creating smaller code chunks and a shuffled execution order. Bitdefender says the malware also has “classic anti-debugging tricks” such as preventing a debugging program from doing its job.
Once installed on a system, MosaicLoader can wreak all kinds of havoc. This can include cookie stealers that try to hijack login sessions to take over some of your online accounts. Hackers getting into your Facebook or Twitter sounds pretty annoying, but it can turn into a much bigger deal. The malicious actors could find clues that help them take down other accounts related to the same person, or they could try to spread more malware by sending links from what the victims believe is a trusted friend.
MosaicLoader can also introduce the ever-annoying cryptocurrency miners that run in the background of your computer, siphoning off CPU cycles while you wonder why the heck your PC is suddenly so slow. The malware can also try to install backdoors to let malicious actors into the PC itself.
The bottom line is MosaicLoader is not something you want on your system, because it tries hard to avoid detection and can introduce all kinds of problems. The best defense is, of course, to avoid installing cracked software. These days, the risks of pirated software just aren’t worth it—especially if the code can figure out ways to get past your defenses.
You have alternatives to cracked software hiding sneaky malware! You can often catch popular game titles on sale on Steam, GOG, or as part of a Humble Bundle