In one shot, Trojan dropper NullMixer installs a suite of downloaders, banking Trojans, stealers, and spyware on victims' systems.

Dark Reading Staff, Dark Reading

October 5, 2022

1 Min Read
Computer software code shaded to reveal a trojan horse to illustrate malware infection
Source: Simone Brandt via Alamy

It's only after a user clicks a malicious link, downloads the malware, and then launches it that NullMixer is deployed. But once the dropper infects a victim's system, it deploys a whole bunch of bad malware, from spyware to Trojans. 

The multihyphenated malware threat lurks among sites promising licensed software workarounds and fake security key generators, according to Kaspersky, which just published a report on NullMixer. 

The malicious domains appear legitimate to users because those sites have found their way up to the first page of the Google search rankings for keywords like "cracked software" and "keygen," using advanced search engine optimization (SEO) tools, Kasperky said. Unfortunately, it's not just home users at risk — thanks to the work-from-home phenomenon and people using personal devices for work purposes, the danger to companies from these kinds of threats is clear and present.

"NullMixer runs many instances of malware all at once, and more than half of them are malicious downloaders," the Kaspersky report said. "That is, once launched, they plant some other thing (or more likely, things) on your system. As a result, instead of the program you want, you get a whole host of malware." 

Banking Trojans like DanaBot, a set of stealers including RedLine, and spyware, notably the PseudoManuscrypt Trojan, are just a few of the types of malware the NullMixer dropper is carrying, the report explained. 

"As we said at the start, downloading pirated software is always a risky venture," Kaspersky stressed in the NullMixer brief

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights