Strange malware prevents infected people from visiting pirate sites

Cybercriminals often use pirated software to spread malware by infecting those who think they are downloading the latest game or movie.

However, Sophos researchers have warned of new malware that does not follow typical patterns of behavior: infiltrating the system, stealing information, committing bank fraud and so on. Instead, this malware prevents infected users from visiting pirated sites.

In the new report, SophosLabs explained how a new malware is being distributed that prevents victims from accessing the most popular pirate site, The Pirate Bay.

“In one of the strangest cases I’ve seen lately, one of my lab colleagues recently told me about malware whose primary purpose is moving away from the most common malware motives,” SophosLabs chief researcher Andrew Brant said in the report. “Instead of trying to steal passwords or extort ransoms from computer owners, this malware prevents infected users’ computers from visiting a large number of software piracy websites by modifying the HOSTS file on the infected system.”

According to Brant, the new malware is distributed through Discord or pirated software torrent sites. On Discord, the malware is distributed as a standalone executable file that presents itself as pirated software.

On websites like The Pirate Bay the malware is distributed in a similar way as other torrent files in the sense that it contains readme files, NFO files and shortcut files that lead back to thepiratebay.org.

However, many of the files in these torrent archives are of no use and are only added to look like typical pirated software or movie.

When a user runs malware, the Windows HOSTS file will be modified so that when a user tries to access one of the pirated sites, they will not be able to connect to the site.

The malware will also send the attacker the name of the pirated software that infected the user, and as the attacker knows the victim’s IP address, he can share this information with ISPs, copyright agencies or even the police, although it is not clear how this information is currently used. . They could also be used in further attacks, for example, to send an e-mail to an attacker and threaten the victim to reveal her illegal activities if she does not pay for silence.



Source: Informacija.rs by www.informacija.rs.

*The article has been translated based on the content of Informacija.rs by www.informacija.rs. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!