Bitdefender: New cyberattack targets Microsoft Office and Adobe Photoshop cracks. Attackers use the backdoor to exfiltrate sensitive data, including wallets for the cryptocurrency Monero. Using legally licensed software increases security for SMEs.
Bitdefender has discovered a new threat to users who run pirated versions of Microsoft Office and Adobe Photoshop CC. The attack leads to the installation of a backdoor that lets the attackers take complete control of the computer. The attack first appeared in the second half of 2018 and is still active, targeting users in the United States, India, Germany, the United Kingdom, Italy and Spain, among others. Bitdefender is the first security provider to detect this attack.
Once the attackers have gained control of the system through the backdoor, they can steal data, passwords and other credentials. Firefox profiles and web session cookies can also be hijacked and misused. The attackers operate carefully: the hijacked computer communicates with the command-and-control server via Tor, which conceals the attackers' location.
Software cracks: Not only illegal - also dangerous
Software cracks are modifications of software that remove or disable features the user considers undesirable, such as copy protection. Although illegal, consumers and businesses still use them to save costs. At the same time, this exposes them to major security risks from untrustworthy software. Installing an antivirus program can help ward off such attacks. However, the newly discovered attack is one more good reason to avoid cracks and pirated software altogether.
How the cracked software malware works at a glance
- Device takeover: The final payload detected by Bitdefender is a backdoor. The attackers gain full control of the device and can instruct it to do whatever they want, including stealing passwords, local files, PINs or other credentials.
- Monero wallets: If the attacker finds a Monero wallet stored on the device, they can steal it along with all of the cryptocurrency it holds.
- Firefox browser profile: By stealing the user profile, the attacker also gains access to saved login passwords, browser history, bookmarks and the session cookies of logged-in sites. Anyone holding this profile can simply import it into their own browser and is logged into the associated services without being asked for a password or a second factor (2FA).
- Interactive attacks: The research suggests that the backdoor is most likely operated by humans rather than automated scripts; the operators interact individually with each compromised machine.
Bitdefender also offers more details and explanations of the attack in a full, English-language report.
More at Bitdefender.com
About Bitdefender
Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently delivered excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of the security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de