Penalizing Pirates: Hackers Push NullMixer Campaigns to Pilfer Data

On September 26, 2022, Kaspersky published a press release detailing a malware-spreading campaign dubbed NullMixer which aims to steal user data such as account credentials, email or other personal message content, home addresses, cryptocurrency, and credit card information by posing as a website offering free third-party resources, such as software cracks and keygens. Users looking to circumvent IT protocol or save money on software licenses might find this promise enticing, and the hackers want to take advantage of this.

How it works 

The malware’s success depends on a technique known as “user execution” (or specific user actions), wherein a user downloads a password-protected ZIP/RAR archive. A malicious file is then manually extracted and executed. 

The hackers bump their malicious sites to the top of search engine results using professional search engine optimization (SEO) tools to help drive traffic, promising users free downloads of third-party software. The downloader emulates a legitimate software download, but users instead unwittingly download NullMixer, which can infect multiple machines with malware files such as spyware and backdoors. Kaspersky notes that it blocked more than 47,500 infection attempts as of this writing, with users across the globe. 

For more technical information on the NullMixer malware infection, read Kaspersky’s full report here. 

ACA guidance

Avoid engaging in shadow IT 

Shadow IT is the intentional or unintentional use of unsanctioned third-party vendors and their IT-related hardware and software, meaning software and hardware are running inside the enterprise network, and IT is unaware. To avoid engaging in shadow IT, ACA advises users to:  

• Familiarize themselves with company policy regarding the use of external products and the procurement process, and strictly adhere to it to help avoid introducing risk to the organization 
• Ask IT before using any new vendors, and check in about doubts regarding the use of external products 
• Be honest with IT and work with them to remediate any unsanctioned third-party use 

Only download from trusted sources 

Approved third-party software should always be downloaded from legitimate vendor websites. Kaspersky notes that any download of files from untrustworthy resources is risky because users can never be certain they are legitimate or safe. Users should: 

• Purchase software when it is not free to use by design 
• Avoid pirating software to steer clear of possessing illegal content and exposing the network to associate risks 
• Visit verified third-party websites directly; do not depend on redirection from other sources 

Learn how to identify and handle suspicious links 

Websites and emails are not inherently secure and must be examined for legitimacy. Users should: 

• Be wary about impersonated registered domains that utilize variations of known domains to trick users; hover over links on PCs before clicking to ensure it matches known domains 
• Create bookmarks for frequently visited websites 
• Never download attachments from an unsolicited source 
• Contact IT department when in doubt about dubious links 

Engage with a trusted cybersecurity partner 

Cyber criminals expect their targets to find templates, guidance, and workarounds for free online. Opting for the cheap but risky route over the safe route with a price tag can open several avenues of attack. Organizations should establish relationships with trusted cyber advisors with whom they can: 

• Hold open and honest conversations regarding their present and future cyber program state 
• Solicit for timely, accurate, and experience-driven advice and feedback 

How ACA can help 

ACA Aponix^® is well-positioned to partner with organizations to provide top-of-the-line advisory services to help bolster cybersecurity programs. We provide: 

• Support and advice to build and to assess an organization’s cybersecurity risk, identify cybersecurity program gaps, and draft and execute against a mitigation roadmap.  
• Regulatory and cyber risk alerts and insights to stay current with cybersecurity, privacy, and regulatory trends and emerging threats.  
• Staff security training to educate all staff on industry best practices, cyber trends, and emerging threats. 
• Phishing testing to deploy a targeted email campaign to test employees’ ability to identify and handle malicious links. 
• Risk assessments to identify and remediate gaps in a firm’s current cybersecurity and regulatory state. 
• Policy development to protect your sensitive data and critical systems, meet regulatory requirements, and set best practices such as shadow IT protection into action. 

Learn more about our additional solutions here. 

For questions about this alert, or to find out how we can help you meet your regulatory cybersecurity obligations, please reach out to your trusted cyber advisor or contact us.