Comments: Password-stealing Windows malware distributed via ads for cracked software

Comments by: Boris Cipot, Senior Security Engineer, at Synopsys Software Integrity Group

Misleading a computer user to install malicious software has always been a significant issue in malware distribution. This is mainly due to people using anti-malware software, especially if it has predictive technology to identify malicious actions on the fly. In the case of the MosaicLoader, even this hurdle might be overcome. MosaicLoader is posing as cracked software. In many cases, this means that the user might switch off their anti-malware software or disregard any notifications about possible malicious actions. MosaicLoader is then installed and poses as an intelligent payload installer, meaning that it will act as a gateway for other malware which might misuse the infected computer for crypto-mining or for stealing personal information such as usernames, passwords and financial data.

Users should never download software of any kind from unknown sources. It is also important to be aware that by trying to use cracked software, you are breaching license obligations and this can lead to legal action for you and, in the case that you are using a corporate computer, for your employer also. Companies should make sure that they have strong anti-malware software installed, especially one they can maintain and control remotely. Users should not have the option to switch off their protection manually. Also, it is highly advisable that corporate computers are managed and that IT has a list of used and installed software, drivers and plugins on those machines. This makes updating and mitigating security risks easier.
