Piracy downloaders are getting a dose of karma with NullMixer — a gnarly malware that steals passwords and credit card info

Nullmixer
(Image credit: Getty Images/Sefa Kart)

NullMixer is a nasty, brutal malware that unleashes a vicious pack of gnarly infections that can wreck your PC, breach your privacy, and steal your hard-earned money.

However, according to a new report from Kapersky, NullMixer only targets piracy downloaders — web surfers who search for terms like "crack," "keygen," and "activators" on Google.  Although the illegally downloaded programs may appear to be legitimate (as ironic as that sounds), they're masquerading as infection funnels that discharge absolute chaos on users' PCs.

What is NullMixer?

NullMixer is a malicious dropper designed to unleash a gaggle of malware programs to victims' computers. The infections that are released to quarries' PCs feature 21 malware families, give or take. Yes, you read correctly — that's nearly two dozen!

For the sake of brevity, we don't dive into all of them, but here are some of the most frightening malicious programs:

  • RedLine Stealer - snatches private credentials, credit card details and digital assets from cryptocurrency wallets
  • PsuedoManuscrypt - spies on victims by stealing their browser cookies and steals cryptocurrencies by using the ClipBanker plugin
  • Fabookie - targets Facebook users by hijacking their accounts and linked-payment methods, and consequently, malicious actors use the stolen credentials to run ads from the compromised account
  • Generic.ClipBanker - monitors clipboard for cryptocurrency addresses and auto replaces them with the perpetrator's own crypto address (so victims unwittingly send their digital assets to malicious actors)
  • GCleaner - a pay-per-install malicious loader that downloads unwanted apps, helping malicious actors benefit from a pricing model that pays out rewards for every install
  • Vidar - steals sensitive information, including passwords, saved credit cards, and more

NullMixer

(Image credit: Kapersky)

Malicious actors use SEO to ensure that their NullMixer-filled downloads remain at the top of search engine results for terms like "cracked," "keygen," and "activators," making it easy for victims to stumble into their traps.

"When users attempt to download software from one of these sites, they are redirected multiple times, and end up on a page containing the download instructions and archived password-protected malware masquerading as the desired piece of software," the Kapersky report said.

NullMixer

NullMixer (Image credit: Kapersky)

The Kapersky investigators said they've been unable to attribute NullMixer to a specific group, but since the beginning of the year, the cybercriminal firm claims that it has blocked infection attempts for nearly 50,000 potential victims worldwide.

Kimberly Gedeon

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!