What is Mosaicloader Malware?

What is Malware?

Malware is short for malicious software. Malware is a type of software that falls into the category of “computer virus” or “Trojan horse” that gets installed on your computer to steal personal information, corrupt data, invade privacy, or even damage the computer's system.

Malware can often be disguised as legitimate software to trick users into installing it on their systems without realizing the consequences. Anti-malware programs are loaded onto your computer to defend against malware attacks and remove any malware files on your system.

How Does Malware Spread?

Malware can spread in several ways. The most common way for malware to spread is through downloading files from the internet or email attachments. This can also happen when downloading pirated content that comes with any malware.

Malware can also be transferred on a computer's network or USB flash drive if a virus has infected it. When this occurs, the malware spreads to other computers on the network or through plug-and-play USB devices that have not been formatted before being used with different computers.

How Does Mosaicloader Malware Work?

Mosaicloader is a Trojan horse-style malware that was classified as malware by ESET, an antivirus vendor. It spreads through network shares and USB drives.

The malware creates a text file in the Startup folder of Windows to repeatedly scan for network shares with mapped drive letters and copy itself into those shared folders. When the malware infects a shared folder on another machine, it sends back information about the share back to its original computer. If the software finds newly connected drives on other computers, it will replicate itself there too. Mosaicloader also has worm-like characteristics; if one of its copies is installed into another computer over the network or a USB drive, that copy will follow instructions and utilize network shares.

Mosaicloader then creates a “startup key” in the registry that causes the malware to run every time a user logs into Windows. Each time Mosaicloader executes, it will check any mapped drives with the word “share,” check for mapped network drives and copy itself to those network drives. As a result, computers on the same network end up infected with Mosaicloader malware.

How to Remove Mosaicloader Malware

The official documentation on ESET's website provides instructions to remove Mosaicloader malware. However, there is no fail-safe way to fully remove Mosaicloader malware since it has a backdoor that allows it to persist unless the user has administrative privileges and changes the registry.

It is suggested that you follow up with a virus scan after removing the malware and then have your anti-malware program quarantine any leftover malicious files.

How to Protect My Computer From Malware

The first step in protecting your computer from malware is by downloading and installing an anti-malware program. Programs Microsoft Security Essentials or Windows Defender are good examples of anti-malware programs.

The second step in protecting your computer from malware is by having a secure password on your devices. You also need to make sure that you regularly scan for viruses using the software you downloaded and install on your system and clean up any leftover malicious files.