Researchers from cybersecurity company Bitdefender are warning that hackers are using malicious software cracks to steal valuable data including cryptocurrency wallets. While compromised cracks are not new, this malware reportedly uses BitTorrent clients to transfer data and involves human operators.
From: TF, for the latest news on copyright battles, piracy and more.
It’s no secret that scammers are constantly trying to trick people into downloading malicious content from pirate sites.
These files are generally easy to spot for seasoned pirates and they are often swiftly removed from well-moderated sites. However, for casual downloaders, malware can be a serious problem.
Novices are often directed to dubious portals where these threats are harder to avoid. That can lead to disastrous consequences. This isn’t limited to annoying popups either, it can result in financial trouble as well.
Bitdefender Warns Against Malicious Cracks
This week, cybersecurity company Bitdefender reports that hackers are actively using software cracks to empty people’s cryptocurrency wallets. The company discovered a series of malicious KMS activators for Office and Windows, as well as Adobe Photoshop cracks. These can completely compromise the victim’s computer.
If these malicious cracks are executed, they drop a copy of the legitimate data transfer software “ncat.exe” that can be controlled by the hackers. This tool is used to transfer valuable data from the victim’s computer through a TOR proxy.
Torrent Clients Exfiltrate Crypto Wallets
Interestingly, Bitdefender reports that the attackers also use BitTorrent clients to exfiltrate data. Bitdefender’s director of threat research, Bogdan Botezatu, informs us that they discovered instances of the Transmission client that shared stolen data via torrents.
“Our monitoring shows that they are using the Transmission client to seed the information they want to exfiltrate. They create torrents with the data to be stolen, then use the client to seed that information through the network,” Botezatu informs TorrentFreak.
The torrent clients are not essential but Bitdefender believes that they may be used to obfuscate the malicious traffic.
“While the attackers can directly exfiltrate data by simply zipping the files and sending them across the network, the BitTorrent avenue might help them bypass potential firewalls and blend the traffic into the peer-to-peer noise,” Botezatu adds.
Hackers Install Transmission
It is worth noting that this doesn’t mean that Transmission users are somehow more vulnerable. The research found that the hackers actively install the client, so it can happen on any system.
With the backdoor, the hackers have full access to the victims’ computers. They use this to steal all sorts of valuable data, including Monero cryptocurrency wallets, if those are available.
The cybersecurity company believes that the malware isn’t completely relying on automated requests. Instead, it is likely being controlled by a human operator who can change strategy based on individual situations.
Firefox Credentials and More
In addition to stealing cryptocurrency wallets, the security researchers also found that the hackers are going after Firefox browser profile data, which includes browsing history, credentials, and session cookies. This can then be exploited to do more damage.
These are just a few examples of what can be done. Since the attackers have pretty much full access the victims are vulnerable to all sorts of threats. This may vary based on what opportunities the hackers see.
“This list of actions is non-exhaustive, as attackers have complete control of the system and can adapt campaigns based on their current interests,” Bitdefender warns.
Who’s at Risk?
As we mentioned earlier, these types of malware-ridden cracks mostly affect people who download files from sites that have little or no moderation. This is confirmed by Bitdefender as well.
“These cracks are usually hosted on direct-download websites rather than on torrent portals, as the latter have a community that downvotes and flags malicious uploads,” Botezatu says.
At the moment the malware-loaded cracks are most popular in North America and India. More technical details about the files and processes involved can be found in Bitdefender’s full writeup.
From: TF, for the latest news on copyright battles, piracy and more.
Kaufland startet am Mittwoch sein Konkurrenzangebot zu Amazon. Doch Lebensmittel kann man sich nicht liefern lassen, anders als bei Amazon Fresh. (
Sony makes high-end cameras. Sony makes high-end smartphones. And Sony makes the smartphone camera image sensors found in many of the best phones for snapping photos, including Google’s Pixel series. But Sony’s smartphones have historically been… just fine for taking pictures, although things have started to look up recently. So it’s interesting to note that […]
Ein Softwareentwickler hat den Grünen eine Rekordsumme gespendet. Seine Bitcoin-Investitionen sieht er wegen des Energieverbrauchs inzwischen kritisch. (
Das Europaparlament will ein eigenes Gesetz zu Sport-Livestreams. Illegale Angebote würden damit schärfer verfolgt als Terroristen, sagen Kritiker. (
You must be logged in to post a comment.