Sophos discovers a strange cyber attack: malware blocks users of pirated software from accessing file sharing portals. The malicious files are compiled for 64-bit Windows 10, but then signed with fake digital certificates.
The latest Sophos discovery is malware that attacks file sharing users and blocks access to piracy sites. The criminal developers have disguised their malware as cracked versions of popular online games such as Minecraft or Among us, or as tools such as Microsoft Office, security software, etc. It is accessed via the BitTorrent platform from an account hosted by the digital file-sharing website “ThePirateBay” offered. Once installed, the malware blocks user access to a long list of websites, including many that distribute pirated software.
Especially strange for the analysts
- The attackers used an age-old approach of changing the settings of the hosts file on an infected device in order to “host” numerous websites “locally”.
- Some of the hundreds of websites hosted in this way have nothing to do with pirated software, some are even inactive or closed since 2012/2013.
- The malicious files are compiled for 64-bit Windows 10, but then signed with forged digital certificates that could not even withstand a very rudimentary examination.
- Once downloaded and installed, the malware hunts for files named 7686789678967896789678 and 412412512512512. As soon as they are found, the attack stops. The Sophos researchers suspect that this construction is supposed to protect the cybercriminals themselves from being infected with their creation.
The malware triggers a fake error message when executed. It asks the user to reinstall the software. According to Sophos, an attempt at obfuscation.
More at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.