Wordfence cybersecurity researchers: The versions involved are up to, and including, 0.3.11. The issue has been completely fixed in 0.3.12.
Bitdefender: MosaicLoader spreads disguised as a cracked software. Bitdefender cybersecurity experts: The malware can deliver any payload. Threat actors purchased ad slots in search engine results to boost it
MosaicLoader is a new malware spread as a cracked software via search engines result. It has been discovered by Bitdefender cybersecurity experts. Cybercrime actors purchased ad slots in search engine results to boost their links as top results when people search for cracked software. The malicious code is a downloader, that can deliver any payload to the infected system. Once planted on the system, the malware creates a complex chain of processes and tries to download a variety of threats, from simple cookie stealers to cryptocurrency miners or more complex ones, such as the Glupteba Backdoor. Furthermore, the name “MosaicLoader” derives from its intricate internal structure that aims to confuse analysts and prevent reverse-engineering.