NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month

The NullMixer loader has compromised thousands of endpoints in the US, France, and Italy, stealing data and selling it to Dark Web data dealers, all without setting off alarm bells.

A new version of the NullMixer dropper includes polymorphic loaders from malware-as-a-service (MaaS) and pay-per-install (PPI) providers on Dark Web markets, and its being used to target organizations in North America, as well as Italy and France.
The malware, a known threat, typically installs a suite of downloaders, banking Trojans, stealers, and spyware on victims systems, all in one go. The new additions, however, make the threat even more dangerous, according to a detailed NullMixer analysis this week from Security Affairs, because the threat can adapt to whatever the specific environment is that it infects.
The analysis also explains how threat actors have been using search engine optimization (SEO) poisoning and malicious video tutorials to con IT staff into installing the new malware. In just one month, the
newly enhanced NullMixer malware
has established initial access into more than 8,000 endpoints, stealing data to sell it to brokers in underground markets.
Most victims are running Windows 10 Professional and Enterprise operating systems, the NullMixer report said, adding that the malware also seems to have successfully infected Windows Embedded IoT environments.
The NullMixer package is including new polymorphic loaders by third parties MaaS and PPI service providers in the underground markets, and also pieces of controversial, potentially North-Korean linked PseudoManuscript code, the researchers explained about the latest
NullMixer malware strain
. Our insights into a recent NullMixer malware operation revealed Italy and France are the favorite European countries from the opportunistic attackers perspective.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month