General

This Strange Malware Stops You From Visiting Pirate Websites

NewsGram Desk

Cybersecurity researchers have found an interesting piece of malware that, instead of stealing passwords or extorting the owner of a computer for ransom, blocks infected users' computers from being able to visit a large number of websites dedicated to software piracy. However, the malware appears murky. Researchers at Sophos, a global leader in next-generation cybersecurity, have detailed a curious cyberattack campaign that targets users of pirated software with malware designed to block access to websites hosting pirated software.

The developers disguise the malware as cracked versions of popular online games such as Minecraft and Among Us, as well as productivity tools such as Microsoft Office, security software, and others. The disguised malware is distributed via the BitTorrent platform from an account hosted on "ThePirateBay" digital file-sharing website. "Links to the malware are also hosted on Discord. Once installed, the malware blocks the victim's access to a long list of websites, including many that distribute pirated software," the researchers said in a blog post.


The malicious files are compiled for 64-bit Windows 10 and then signed with bogus digital certificates that wouldn't pass more than a very rudimentary check.

Photo by Bermix Studio on Unsplash

The researchers were not able to discern a provenance for this malware. "But its motivation seemed pretty clear: It prevents people from visiting software piracy websites (if only temporarily), and sends the name of the pirated software the user was hoping to use to a website, which also delivers a secondary payload," they explained.

Follow NewsGram on Facebook to stay updated.

Andrew Brandt, principal threat researcher, Sophos, said: "Sometimes it is easy to see clearly what an adversary's end game is and why they have chosen a particular approach to achieve it. This is not one of those times". On the face of it, the adversary's targets and tools suggest this could be some kind of anti-piracy vigilante operation. "However, the attacker's vast potential target audience — from gamers to business professionals — make the ultimate purpose of this operation a bit murky," Brandt cautioned. At least some of the malware, disguised as pirated copies of a wide variety of software packages, was hosted on game chat service Discord.

ALSO READ: cyber attackers bec attacks

Other copies, distributed through Bittorrent, were also named after popular games, productivity tools, and even security products, accompanied by additional files that make it appear to have originated with a well-known file-sharing account on ThePirateBay. In this malware case, the attackers use an age-old approach of modifying the HOSTS file settings on an infected device to "localhost" a long list of websites, thereby blocking the user's access to them.

The malicious files are compiled for 64-bit Windows 10 and then signed with bogus digital certificates that wouldn't pass more than a very rudimentary check. "Once downloaded and installed by a user, the malware hunts for files named 7686789678967896789678 and 412412512512512. If it finds them it stops any further launch of the attack," said Sophos researchers. The malware also triggers a fake error message to appear when it runs, which asks people to re-install the software, they added. (IANS/JC)

Future of Education with Neuro-Symbolic AI Agents in Self-Improving Adaptive Instructional Systems

Lower turkey costs set table for cheaper US Thanksgiving feast this year

Suicide bombing kills 12 Pakistan soldiers

Dark energy pushing our universe apart may not be what it seems, scientists say

Climate change boosted hurricane wind strength by 29 kph since 2019, study says