A new type of malware has been discovered. It even manages to hide its malicious activity from the Windows Defender antivirus. The malware uses a very complex system, and the researchers who discovered it named it “MosaicLoader”.
MosaicLoader lurks in pirated software, and especially in its installers. Bitdefender, which made the discovery, warns of the dangerous nature of the malware (which is common), but especially of its design and its sophisticated mode of operation (which is less common).
Once it has been installed on a computer by the software installer it hides in, it downloads other malware from a list of URLs and, of course, does not hesitate to install them on the machine. But the real complication is that the Windows Defender antivirus cannot detect the malware it installs, and its effectiveness can no longer be proven.
MosaicLoader prevents Windows Defender from scanning the malware it installs
MosaicLoader derives its name from its intricate structure and installation method: it is designed to prevent any attempt at reverse engineering the malware. Hidden in the pirated software installer, MosaicLoader starts by downloading a zip archive, which is then unpacked in the %TEMP% directory.
There are two executables in this archive. They are called appsetup.exe and prun.exe. Once the PC is infected, the malware adds exclusions to Windows Defender by launching multiple instances of the terminal to run PowerShell commands. As a result, the two downloaded executables are not scanned by Microsoft's security package, and the malware installed by MosaicLoader falls through the cracks.
The extended capabilities of MosaicLoader, once installed on the computer, allow it to act as a botnet and spread other malware, extending its reach to other PCs. According to Bitdefender researchers, the best way to protect yourself from this type of malware is not to download pirated software, regardless of the source. “The danger of this application is that it could spread any malware to the computer. The purpose is to download a list of malware from the sources of infection controlled by the attackers and activate them.”
Note that it is very easy to verify that MosaicLoader has not infected your computer and has not added any exclusions to Windows Defender. To do this, open the registry editor by typing regedit in the search field of Windows 10 or Windows 11. Exclusions are visible in the following registry keys:
- File and folder exclusions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
- File type exclusions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions
- Process exclusions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes
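The same registry check can be scripted instead of browsed by hand. The following PowerShell script is an added example, not code from Bitdefender or from the original article: it lists every Windows Defender exclusion under the three keys and flags entries that match the two executable names mentioned above or that point into a Temp directory. The Temp-directory pattern is an assumption made for this example, and the script should be run from an elevated PowerShell prompt.

```powershell
# Added example: audit Windows Defender exclusions stored in the registry.
# Exclusions are stored as value *names* under each key.
$base  = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions'
$kinds = 'Paths', 'Extensions', 'Processes'

# File names taken from the article.
$suspectNames = 'appsetup.exe', 'prun.exe'
# Assumption for this example: any exclusion inside a "Temp" directory deserves
# review, because the article says the archive is unpacked in %TEMP%.
$tempPattern = '\\Temp(\\|$)'

function Test-SuspiciousExclusion {
    param([string]$Entry)
    $leaf = ($Entry -split '[\\/]')[-1]          # last path component
    if ($suspectNames -contains $leaf) { return 'file name named in the report' }
    if ($Entry -match $tempPattern)    { return 'points into a Temp directory' }
    return $null                                 # nothing matched
}

$report = foreach ($kind in $kinds) {
    $key = Get-Item -LiteralPath "$base\$kind" -ErrorAction SilentlyContinue
    if (-not $key) { continue }                  # key missing or not readable
    foreach ($name in $key.GetValueNames()) {
        if (-not $name) { continue }             # skip the unnamed default value
        [pscustomobject]@{
            Kind   = $kind
            Entry  = $name
            Reason = Test-SuspiciousExclusion -Entry $name
        }
    }
}

if (-not $report) {
    'No Windows Defender exclusions found (or the keys could not be read).'
} else {
    $report | Sort-Object Kind, Entry | Format-Table -AutoSize
    $flagged = @($report | Where-Object Reason)
    '{0} exclusion(s) total, {1} flagged for review.' -f @($report).Count, $flagged.Count
}
```

An exclusion that you or your administrator did not add deliberately is worth investigating even when the script does not flag it.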
Source: Hacker News