Emerging Malware Threats: CountLoader and GachiLoader Spread via Cracked Software
Full Transcript
Cybersecurity researchers have revealed a new campaign utilizing cracked software distribution to spread malware, specifically a loader called CountLoader. According to The Hacker News, CountLoader acts as an initial tool in a multi-stage attack to deliver additional malware families such as Cobalt Strike and ACR Stealer.
Users attempting to download cracked versions of legitimate software, like Microsoft Word, are redirected to malicious links where they download a ZIP archive containing an encrypted file that executes CountLoader using mshta.exe.
The malware establishes persistence by creating a scheduled task mimicking Google, configured to run for up to ten years.
Another emerging threat, GachiLoader, is distributed via a network of compromised YouTube accounts. Check Point reports GachiLoader employs obfuscated JavaScript and can deploy a second-stage malware called Kidkadi, which uses a novel technique for Portable Executable injection. This loader performs anti-analysis checks and attempts to disable Microsoft Defender to facilitate further infections.
As many as 100 YouTube videos have been flagged in this campaign. The threat landscape is continually evolving, which emphasizes the importance of robust security measures and user awareness of malware distribution tactics.
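A defender-side check for the CountLoader persistence described above, as an added example that is not part of the original transcript or of the cited reports: it reviews an exported Task Scheduler XML definition for an mshta.exe action, a Google-like task name whose binary sits outside a Google directory, and a trigger window of roughly ten years. The sample task, its name, the path heuristic and the nine-year threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample export for illustration; not taken from the campaign.
SAMPLE_TASK = """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\GoogleUpdaterSample</URI></RegistrationInfo>
  <Triggers>
    <TimeTrigger>
      <StartBoundary>2025-01-01T00:00:00</StartBoundary>
      <EndBoundary>2035-01-01T00:00:00</EndBoundary>
    </TimeTrigger>
  </Triggers>
  <Actions>
    <Exec><Command>C:\\Windows\\System32\\mshta.exe</Command></Exec>
  </Actions>
</Task>"""

def review_task(xml_text, long_lived_years=9):
    """Return the reasons an exported scheduled task deserves a closer look."""
    root = ET.fromstring(xml_text)
    name = (root.findtext("t:RegistrationInfo/t:URI", "", NS) or "").lower()
    findings = []
    for c in root.iterfind("t:Actions/t:Exec/t:Command", NS):
        cmd = (c.text or "").strip().strip('"').lower().replace("/", "\\")
        if cmd.rsplit("\\", 1)[-1] == "mshta.exe":
            findings.append("action runs mshta.exe")
        # Assumed heuristic: a genuine Google task runs from a Google directory.
        if "google" in name and "\\google\\" not in cmd:
            findings.append("Google-like name, binary outside a Google directory")
    for trig in root.iterfind("t:Triggers/*", NS):
        start = trig.findtext("t:StartBoundary", None, NS)
        end = trig.findtext("t:EndBoundary", None, NS)
        if start and end:
            # Compare only the date-time part so timezone suffixes do not matter.
            span = datetime.fromisoformat(end[:19]) - datetime.fromisoformat(start[:19])
            if span.days >= long_lived_years * 365:
                findings.append("trigger window of %d+ years" % long_lived_years)
    return findings

if __name__ == "__main__":
    print(review_task(SAMPLE_TASK))
```

Task definitions in this format can be exported with `schtasks /query /xml` and passed to `review_task` one task at a time.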