A malware campaign using a brand new strain called “MosaicLoader” is currently spreading around the world and is being used as a full-service malware delivery platform.

The malware is spreading through the use of ads that specifically target people who have an interest in downloading pirated software. This delivery platform is used to deliver the malicious payloads it supports.

While this malware is being used as a delivery platform, it is essential to understand the risks something like this can pose to an everyday user on social media, specifically Facebook.

What does this new risk entail, and how can enterprises protect themselves?

Unpacking the MosaicLoader Malware Campaign

Full-service malware delivery methods are used to deploy malware such as RATs (Remote Access Trojans), cookie stealers, and other potential threats. This delivery platform is used to deliver any malicious payload. To execute, the platform obtains malicious URLs from the C2 server and infects the user using the malicious payloads it received from the malicious link.

The MosaicLoader malware is currently delivered through the use of paid ads in search results. These ads are targeting browsers looking for pirated computer software such as video games, applications, etc. It has also been reported that MosaicLoader is spreading the Glupteba backdoor as well as other RAT’s that can be used to keylog, capture webcam images, and screencap the users desktop environment.

Essentially, the malware is a one-stop shop by attackers who want to deliver malicious payloads to any user.

Where Does Facebook Come In?

One of the known payloads that this malware uses can steal Facebook authentication cookies, which will allow attackers to access a user’s Facebook account.

Once attackers breach a user’s Facebook account, they can then steal personal information. From there, they can either sell that information on the dark web, target the user for further malicious activities, or even use the victim’s profile to target their friends.

With recent reports of major data scraping incidents targeting social media users, it wouldn’t be surprising if MosaicLoader had a hand in helping hackers steal this information.

New call-to-action

Whitepaper: Learn more about social media benefits and risks

How Should Enterprises Defend Themselves?

To defend against malware such as this, the best way is to avoid clicking on any suspicious links or ads on a webpage, and enacting policies that emphasize not downloading software from untrusted sources on a corporate laptop - since this all starts with people trying to download pirated software.

Being aware of the latest phishing threats and campaigns is an important aspect of defending against these types of malware campaigns, since similar malwares require the user to click on a malicious link and download a file. Enterprises should train and educate their employees on the recent cybersecurity measures and how to recognize phishing and malware attack attempts.

Moreover, having the means to scan the deep and dark web for keywords around sensitive and confidential information, such as brand names, personnel, projects, and salaries is of utmost importance. Automatic detection and defense against harmful files and malware delivery methods like MosaicLoader is a significant piece of cybersecurity, as well.

Companies need a robust cybersecurity solution that provides total visibility and protection against these cyber threats across all their third-party applications. SafeGuard Cyber provides the capability to detect, analyze, and defend against potential malware campaigns and data scraping exploits in real-time. Request a demo today to see it in action.