Brazil is the country most attacked by the data-stealing threat


Kaspersky researchers have discovered a new campaign promoting NullMixer, a malware that steals credentials, addresses, credit card information, cryptocurrencies, and even Facebook and Amazon accounts.

About 10,000 Brazilians were attacked while trying to download software from third-party websites, a number that represents more than 20% of the 47,000 detections worldwide. Brazil suffered 2.5 times more attacks by this malware than India, which took second place.

NullMixer is actively distributed by cybercriminals through websites that offer pirated software and activators for illegal software downloads.

In most cases, users who install illegal software end up with some adware or other unwanted software, but NullMixer is much more dangerous: it can download a large number of Trojans at once and cause a large-scale infection on devices.

Kaspersky explains how the attack works

When trying to download cracked software from one of these websites, the victim is redirected to a page containing a password-protected program and detailed instructions. Everything looks normal, as if the person is actually about to download the software.

However, by following the instructions, the person runs NullMixer, which drops various malware files onto the infected machine, including spyware, backdoors, banking trojans, and other threats.

Among the threats spread by NullMixer is RedLine, which, like the Disbuk malware (also known as Socelar), steals credit card and cryptocurrency data from infected computers.

By stealing Facebook and Amazon cookies with Disbuk, fraudsters can gain access to victims’ accounts and use their credentials, address and even payment information.

Cybercriminals also use professional SEO tools to stay in the top search engine results. This makes it easier to find malicious websites using search terms such as “cracks” and “keygens”, increasing the scope of fraud.

Rule number zero: don’t download pirated software

“Any download of files from untrusted sources is a real roulette: you never know if what is being downloaded is the expected software or will come with some free malware. With NullMixer, all the information you type on your keyboard will be available to scammers: from messages sent to your friends on social networks to logins and passwords from your device or cryptocurrency account. Keep this in mind when you decide to download from an unknown website, as this threat can always be avoided by using only licensed products and robust security solutions”, comments Fabio Assolini, Global Team Director for research and analysis of Kaspersky in Latin America.

To protect yourself from NullMixer, Kaspersky recommends:

  • Use only trusted sources to download software. Malware and unwanted Trojans are often distributed through third-party resources, where security is not checked in the same way as in official web stores.
  • Regularly check your online accounts for unknown transactions. Even with careful Internet browsing, downloaded spyware can steal data while you access secure websites. Spyware works like a video camera, giving the other person a view of every action taken on the infected computer. Usually the owner is unaware that the malware is on the computer and continues to enter personal information on secure banking sites.
  • Use a robust security solution. Private browsing features, such as those in Kaspersky Internet Security, can help you avoid online tracking and protect you from threats.
