Ahoy, me mateys, there’s no honour among thieves, as cyber attacks (which are illegal) target illegal software pirates from accessing infamous pirate site The Pirate Bay, who are presumably crying out the homophone “aaaaargghhhh” in frustration.
Sophos has published new research, “Vigilante Malware Rats Out Software Pirates While Blocking ThePirateBay,” which details what Sophos is “a curious cyberattack campaign that targets users of pirated software with malware designed to block access to websites hosting pirated software.”
We’re told “the developers disguise the malware as cracked versions of popular online games such as Minecraft and Among Us, as well as productivity tool such as Microsoft Office, security software and others. The disguised malware is distributed via the BitTorrent platform from an account hosted on “ThePirateBay” digital filesharing website.
“Links to the malware are also hosted on Discord. Once installed, the malware blocks the victim’s access to a long list of websites, including many that distribute pirated software.”
Unusual aspects of the operation uncovered by Sophos researchers include:
- The attackers use an age-old approach of modifying the HOSTS file settings on an infected device to “localhost” a long list of websites, thereby blocking the user’s access to them. This approach is fairly easy to reverse, and Sophos researchers are unsure why the attackers used it
- Some of the many hundreds of sites that are being “localhosted” by the malware are unrelated to pirated software and some were shut down or became inactive in or around 2012/2013
- The malicious files are compiled for 64-bit Windows 10 and then signed with bogus digital certificates that wouldn’t pass more than a very rudimentary check
Once downloaded and installed by a user, Sophos reports “the malware hunts for files named 7686789678967896789678 and 412412512512512. If it finds them it stops any further launch of the attack. Sophos researchers believe this could be designed to prevent the malware operators from infecting their own computers while they work on the malicious code.
“The malware also triggers a fake error message to appear when it runs, which asks people to re-install the software. Sophos researchers believe this could be to allay suspicion among users who wonder why the program they received didn’t contain the installers they were expecting.”
Andrew Brandt, principal threat researcher at Sophos, said: “Sometimes it is easy to see clearly what an adversary’s end game is and why they have chosen a particular approach to achieve it. This is not one of those times.
“On the face of it, the adversary’s targets and tools suggest this could be some kind of crudely-compiled anti-piracy vigilante operation.
“However, the attacker’s vast potential target audience – from gamers to business professionals – combined with the curious mix of dated and new tools, techniques, and procedures (TTPs) and the bizarre list of websites blocked by the malware, all make the ultimate purpose of this operation a bit murky. There may not even be an overall purpose to this attack at all.
“However, that doesn’t reduce the level of risk or the potential disruption for victims. To stay safe from such attacks, install a robust security solution that will spot such scams before they reach you, and avoid downloading pirated software or anything offering you suspiciously too-good-to-be true ‘legitimate’ software.”
Sophos offers addition info of mobile threats such as “fleeceware” apps that sneakily overcharge users, fake trading apps for Android and iOS and spyware.
GRAND OPENING OF THE ITWIRE SHOP
The much awaited iTWire Shop is now open to our readers.
Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.
PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.
Products available for any country.
We hope you enjoy and find value in the much anticipated iTWire Shop.
ENTER THE SHOP NOW!
INTRODUCING ITWIRE TV
iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.
We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.
In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.
We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.
See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.
SEE WHAT’S ON ITWIRE TV NOW!