A new malware strain dubbed “MosaicLoader” targets users searching for cracked software. The malware has been so named because of its sophisticated internal structure that’s orchestrated to prevent reverse-engineering and evade analysis. Mosaic loader relies on a well-established tactic for malware delivery called search engine optimization (SEO) poisoning, wherein cybercriminals purchase ad slots in search engine results to boost their malicious links as top results when users search for terms related to pirated software. It downloads a malware sprayer that obtains a list of URLs from the C2 server and downloads the payloads from the received links.
Source: https://thehackernews.com/2021/07/this-new-malware-hides-itself-among.html