Cybersecurity researchers have found an interesting piece of malware that, instead of stealing passwords or extorting the owner of a computer for ransom, prevents infected computers from visiting a large number of websites dedicated to software piracy. However, the purpose of the malware remains murky.

Researchers at Sophos, a global leader in next-generation cybersecurity, have detailed a curious cyberattack campaign targeting pirated software users with malware designed to block access to websites hosting pirated software.

The developers disguise the malware as cracked versions of popular online games such as Minecraft and Among Us, as well as productivity tools such as Microsoft Office, security software and others.

The disguised malware is distributed via BitTorrent from an account hosted on the “ThePirateBay” digital file-sharing website.

“Links to the malware are also hosted on Discord. Once installed, the malware blocks the victim’s access to a long list of websites, including many that distribute pirated software,” the researchers said in a blog post.

The researchers were not able to discern a provenance for this malware.

“But its motivation seemed pretty clear: It prevents people from visiting software piracy websites (if only temporarily), and sends the name of the pirated software the user was hoping to use to a website, which also delivers a secondary payload,” they explained.

Andrew Brandt, principal threat researcher, Sophos, said: “Sometimes it is easy to see clearly what an adversary’s end game is and why they have chosen a particular approach to achieve it. This is not one of those times”.

On the face of it, the adversary’s targets and tools suggest this could be some kind of anti-piracy vigilante operation.

“However, the attacker’s vast potential target audience — from gamers to business professionals — make the ultimate purpose of this operation a bit murky,” Brandt cautioned.

At least some of the malware, disguised as pirated copies of a wide variety of software packages, was hosted on game chat service Discord.

Other copies, distributed through BitTorrent, were also named after popular games, productivity tools, and even security products, accompanied by additional files that make it appear to have originated with a well-known file sharing account on ThePirateBay.

In this case, the attackers use the age-old approach of modifying the HOSTS file on an infected device to point a long list of websites at “localhost”, thereby blocking the user’s access to them.
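A defender can audit a HOSTS file for this kind of tampering by listing every hostname that resolves to the local machine without being a local name. The script below is an added example, not code from Sophos or from the original article; the sample entries are constructed, and it also flags the unspecified address 0.0.0.0, which the article does not mention.

```python
import ipaddress
import sys

# Hostnames that legitimately resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, address, hostnames) for each valid entry in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue  # blank line, comment, or address with no hostname
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # first field is not an IP address, so this is not an entry
        yield line_no, addr, [h.lower().rstrip(".") for h in entry[1:]]

def find_blackholed(text):
    """Return (line_no, hostname) pairs where a non-local name maps to loopback or 0.0.0.0."""
    hits = []
    for line_no, addr, names in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            hits.extend((line_no, n) for n in names if n not in LOCAL_NAMES)
    return hits

# Constructed sample, not taken from an infected machine.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       blocked-site.example www.blocked-site.example   # added entry
0.0.0.0         another-site.example
10.0.0.5        intranet.example
not-an-ip       ignored.example
"""

if __name__ == "__main__":
    # On Windows the file is %SystemRoot%\System32\drivers\etc\hosts
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for line_no, name in find_blackholed(text):
        print(f"line {line_no}: {name} is redirected to the local machine")
```

Hosts-based ad blockers produce the same kind of entries, so hits need triage against what the machine's owner installed deliberately.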

The malicious files are compiled for 64-bit Windows 10 and then signed with bogus digital certificates that wouldn’t pass more than a very rudimentary check.

“Once downloaded and installed by a user, the malware hunts for files named 7686789678967896789678 and 412412512512512. If it finds them it stops any further launch of the attack,” said Sophos researchers.

The malware also triggers a fake error message to appear when it runs, which asks people to re-install the software, they added.
