MosaicLoader Malware Uses Cracked Software to Steal Your Credentials

Many threats immediately make themselves known on your device the second they install themselves, like ransomware and other types of malware. Others, like this newly discovered threat called MosaicLoader, discreetly install themselves in the background of your device and cause problems behind the scenes. 

Cybersecurity company BitDefender discovered MosaicLoader, a malware that is capable of stealing passwords, mining cryptocurrency, and installing trojan malware on infected computers. This malware specifically targets the Windows operating system.

MosaicLoader is somewhat of an oddity among malware, as it is distributed in a much different way from other types of malware. Most forms are distributed through phishing attacks or unpatched software vulnerabilities, while MosaicLoader spreads through advertisements. These advertisements appear when users search for cracked versions of software.

When we talk about cracked software, what we mean are versions of software where a license is not needed. Typically whenever you purchase a copy of a software, you are also purchasing a license that gives you permission to use it. Without that license, the software may not operate, leading to operational issues. Sometimes employees might choose to download cracked software, particularly if they do not want to pay for the license or if the license has expired on their copy of the software.

MosaicLoader works by infecting machines that download these cracked versions of software. The malware then starts to steal passwords, mine cryptocurrency, and install trojan backdoors on the devices to allow hackers to remotely access the machine. The ultimate goal of MosaicLoader seems to be to sell compromised Windows machines to the highest bidder. Since the goal seems to be to install on as many devices as possible, these hackers’ plans should in theory be foiled if the malware fails to install on enough devices.

Therefore, it’s your responsibility as a business owner to protect this fate from befalling your own organization—for both yourself and your employees, as well as others.

Due to the unique way that this malware spreads, you can do two things to keep your company safe. The first is to make sure that all of your employees have access to the tools they need to be productive throughout the workday. Since this malware spreads through advertisements for cracked software, ensuring that your workers have properly licensed software will keep them from searching for new software.

The second is through comprehensive security solutions and thorough network monitoring. By keeping your defenses shored up and a close watch on your network traffic, you can be sure to prevent the majority of threats and identify when anything suspicious has manifested on your infrastructure. CoreTech can most certainly help in this regard. To learn how we can help you keep your business safe, reach out to us at (270) 282-4926.