Security analysts from the Zscaler ThreatLabZ team recently encountered infostealer malware distribution campaigns running on fake pirated-content websites. Small companies in particular, which hope to save money with pirated copies, can end up with far bigger problems than the cost of buying the software.
This type of malicious-code distribution targets people who knowingly download a pirated copy from an illegal platform and therefore pay little attention to what is being written to their hard drive in the background. In the campaigns now uncovered, they pay for this behavior with the theft of private information, which can then be used for further criminal activity.
Pirate sites are not dying
More than 20 years ago, what is probably the best-known music piracy exchange appeared on the Internet. Successors such as Pirate Bay expanded the content on offer to films, series and software. Although many of the well-known sharing sites have since been shut down in numerous court proceedings, imitators and free riders still exist for users who want to avoid a purchase or a subscription. Cyber criminals now look for their victims there.
The ThreatLabZ team analyzed several campaigns that use pirate websites to distribute infostealers. The screenshot shows Google search results for fake piracy sites that look deceptively similar to genuine software-piracy sites. These campaigns succeed because they target people who do not see through the scam behind the various pop-up windows shown while downloading software illegally.
Malware delivered via pop-up windows
After the user clicks to start the download, a series of redirects follows; these hide the chain from detection and ultimately lead to the page hosting the infostealer. On a legitimate site such redirects would probably ring alarm bells, but visitors to dubious sites are more likely to assume they are part of the shareware site's business model. Once users have been redirected to the final page and the download has completed, the malicious payload sits inside a zip archive of more than 10 MB. In the example examined, the URL hosting the malware is an open directory containing more than 3000 malicious zip archives disguised as the typical files of cracked software.
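Detection logic for the delivery chain described above, as an added example that is not part of the Zscaler report: it reconstructs redirect chains from proxy log lines, flags a chain that ends in a large zip download with a crack-style file name after several hops, and counts the archives in an open-directory index page. The log format, the sample log lines, the index page, the file-name keywords and the use of 10 MB as a size cut-off are all assumptions made for this example; the report only states that the archive exceeded 10 MB and that the open directory held more than 3000 archives.

```python
"""Redirect-chain reconstruction and open-directory triage (illustrative example).

Not code from the Zscaler ThreatLabZ report. Log format, thresholds and
file-name keywords are assumptions chosen for this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample proxy log (not real traffic). Fields, space separated:
# timestamp client method url status content_type bytes location
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 10.0.0.5 GET http://free-soft-dl.example/editor-pro-crack.html 200 text/html 8421 -
2024-03-01T10:00:05Z 10.0.0.5 GET http://free-soft-dl.example/go?id=771 302 text/html 0 http://redir1.example/r/aa1
2024-03-01T10:00:05Z 10.0.0.5 GET http://redir1.example/r/aa1 302 text/html 0 http://redir2.example/land?x=9
2024-03-01T10:00:06Z 10.0.0.5 GET http://redir2.example/land?x=9 302 text/html 0 http://files.example/dl/Editor_Pro_2024_Crack.zip
2024-03-01T10:00:06Z 10.0.0.5 GET http://files.example/dl/Editor_Pro_2024_Crack.zip 200 application/zip 12582912 -
2024-03-01T10:02:11Z 10.0.0.7 GET https://vendor.example/download/setup.zip 200 application/zip 2097152 -
2024-03-01T10:03:40Z 10.0.0.9 GET http://mirror.example/get?f=3 302 text/html 0 http://mirror.example/pkg/tool.zip
2024-03-01T10:03:41Z 10.0.0.9 GET http://mirror.example/pkg/tool.zip 200 application/zip 524288 -
"""

# Assumed heuristics: names typical of "cracked" releases, and a 10 MiB cut-off.
CRACK_NAME_RE = re.compile(r"(crack|keygen|patch|activat|full.?version)", re.IGNORECASE)
SIZE_THRESHOLD = 10 * 1024 * 1024


@dataclass
class LogEntry:
    ts: str
    client: str
    url: str
    status: int
    ctype: str
    size: int
    location: Optional[str]


@dataclass
class Finding:
    client: str
    hops: List[str]       # every URL in the chain, first request to final download
    size: int
    reasons: List[str]


def parse_log(text: str) -> List[LogEntry]:
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, url, status, ctype, size, location = line.split()
        entries.append(LogEntry(ts, client, url, int(status), ctype, int(size),
                                None if location == "-" else location))
    return entries


def build_chains(entries: List[LogEntry]) -> List[List[LogEntry]]:
    """Follow each 3xx Location header to the same client's next request for that URL."""
    by_client: Dict[str, List[LogEntry]] = {}
    for e in entries:
        by_client.setdefault(e.client, []).append(e)
    chains = []
    for client_entries in by_client.values():
        consumed = set()  # indices already placed in a chain
        for i, e in enumerate(client_entries):
            if i in consumed or not (300 <= e.status < 400) or not e.location:
                continue
            chain, cur, j = [e], e, i
            while cur.location:
                nxt = next(((k, x) for k, x in enumerate(client_entries)
                            if k > j and x.url == cur.location), None)
                if nxt is None:
                    break
                j, cur = nxt
                consumed.add(j)
                chain.append(cur)
                if not (300 <= cur.status < 400):
                    break
            chains.append(chain)
    return chains


def flag_chain(chain: List[LogEntry]) -> Optional[Finding]:
    """Flag a chain when at least two of the three indicators are present."""
    final, reasons, redirects = chain[-1], [], len(chain) - 1
    if redirects >= 2:
        reasons.append(f"{redirects} chained redirects before the download")
    if final.status == 200 and final.ctype == "application/zip" and final.size > SIZE_THRESHOLD:
        reasons.append(f"zip payload of {final.size // (1024 * 1024)} MB")
    if CRACK_NAME_RE.search(final.url.rsplit("/", 1)[-1]):
        reasons.append("file name mimics cracked software")
    if len(reasons) < 2:
        return None
    return Finding(final.client, [h.url for h in chain], final.size, reasons)


def find_suspicious_downloads(log_text: str) -> List[Finding]:
    return [f for f in (flag_chain(c) for c in build_chains(parse_log(log_text))) if f]


# Constructed autoindex-style listing (not a real open directory).
OPEN_DIR_HTML = """<html><head><title>Index of /dl</title></head><body>
<h1>Index of /dl</h1><pre><a href="../">../</a>
<a href="Editor_Pro_2024_Crack.zip">Editor_Pro_2024_Crack.zip</a>  01-Mar-2024 09:55  12582912
<a href="Photo_Suite_Keygen.zip">Photo_Suite_Keygen.zip</a>        01-Mar-2024 09:55  11010048
<a href="readme.txt">readme.txt</a>                                01-Mar-2024 09:50  312
</pre></body></html>"""

# One listing row: link, date, time, size in bytes (the "../" row has no date and is skipped).
INDEX_ROW_RE = re.compile(r'<a href="([^"]+)">[^<]*</a>\s+\d{2}-\w{3}-\d{4}\s+\d{2}:\d{2}\s+(\d+)')


def summarize_open_directory(html: str) -> Dict[str, int]:
    """Count archives in a listing and how many are large or carry crack-style names."""
    rows = [(name, int(size)) for name, size in INDEX_ROW_RE.findall(html)]
    zips = [(n, s) for n, s in rows if n.lower().endswith(".zip")]
    return {
        "files": len(rows),
        "zip_archives": len(zips),
        "large_zips": sum(1 for _, s in zips if s > SIZE_THRESHOLD),
        "crack_named_zips": sum(1 for n, _ in zips if CRACK_NAME_RE.search(n)),
    }


if __name__ == "__main__":
    for f in find_suspicious_downloads(SAMPLE_LOG):
        print(f.client, "->", " -> ".join(f.hops), "|", "; ".join(f.reasons))
    print(summarize_open_directory(OPEN_DIR_HTML))
```

Run against the constructed log, only the 10.0.0.5 session is flagged: three chained redirects ending in a 12 MB zip named like a crack. The 10.0.0.9 session also redirects to a zip, but with a single hop, a small file and a neutral name, so it is left alone; requiring two of three indicators is what keeps ordinary download mirrors out of the results.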
The campaigns show how attackers exploit user behavior, using pirated software as the lure to proliferate infostealer malware. Users can easily prevent these infections by avoiding this illegal practice, visiting only legitimate websites and obtaining software from trusted sources.
More at Zscaler.com
About Zscaler
Zscaler accelerates digital transformation so customers can become more agile, efficient, resilient, and secure. Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting people, devices, and applications anywhere. The SSE-based Zero Trust Exchange is the world's largest inline cloud security platform, distributed across 150+ data centers around the world.