[TLP:WHITE] Advisory on MosaicLoader malware distributed via ads in search results

MosaicLoader is a Trojan horse-style malware that is being delivered through paid ads in search results designed to lure users looking for cracked software. Links to the malware will appear at the top of search results when people search for cracked versions of popular software.
Once planted on the system, the malware can be used to download a variety of threats onto the machine. It can be used as a gateway to steal passwords, install cryptocurrency miners, and deliver additional trojan malware which provides backdoor access to PCs. MosaicLoader also has worm-like characteristics and spreads through network shares and USB drives.


  • Compromise of your Windows computer system 
  • Exposure of confidential information such as passwords, usernames, and financial data 
  • May lead to identity theft


  • Do not download and install applications from untrusted websites, especially cracked versions. 
  • Perform a security scan: Run a FULL scan of your computer with your UPDATED anti-malware software. 
  • Users should also be wary of following instructions to turn off antivirus software, as that can lead to malicious software being allowed to infiltrate the system. 
  • Properly secure all applications that are both publicly and privately accessible. 
  • Ensure that your browser, operating system, and software are kept up to date. 
  • Strong passwords should always be used to secure internet services. Two-factor authentication is highly recommended.