fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Vigilante Malware Blocks Victims From Downloading Pirated Software

Vigilante Malware Blocks Victims From Downloading Pirated Software

A vigilante developer turns the tables on software pirates by distributing malware that prevents them from accessing pirated software sites in the future.

Threat actors commonly use pirated software and fake crack sites to distribute malware to unsuspecting users who think they are downloading the latest game or movie.

Malware distributed via these methods is typically information-stealing trojansransomware, or cryptominers that can be used to generate value for the threat actor.

Malware blocks access to The Pirate Bay

In a new report, SophosLabs shares how a vigilante malware is being distributed that prevents pirates from accessing the most popular copyrighted content torrent site, The Pirate Bay.

“In one of the strangest cases I’ve seen in a while, one of my Labs colleagues recently told me about a malware campaign whose primary purpose appears to stray from the more common malware motives.” explains SophosLabs Principal Researcher Andrew Brandt in the new report.

“Instead of seeking to steal passwords or to extort a computer’s owner for ransom, this malware blocks infected users’ computers from being able to visit a large number of websites dedicated to software piracy by modifying the HOSTS file on the infected system.”

Also Read: How to Choose a Penetration Testing Vendor

Malware hosted on Discord

On sites like The Pirate Bay, the malware is being distributed in a similar way to other torrent files in the sense that they contain readme files, NFO files, and shortcut files back to thepiratebay.org.

A fake Readme file in a malicious torrent

However, many of the files contained in these torrent archives serve no purpose and are only added as filler to impersonate your typical pirated software/movie torrent.

“Looking more closely at these files bundled with the installer, it’s clear that they have no practical benefit other than to give the archive the appearance of files typically shared over Bittorrent, and to modify hash values with the addition of random data,” says Brandt in his report.

Once a user runs the malware executable, it will modify the Windows HOSTS file to add numerous entries that point to 127.0.0.1 for sites associated with The Pirate Bay.

HOSTS file modified by the malware

Also Read: This Educator Aims to Make Good Cyber Hygiene a Household Practice

After adding these HOSTS entries, when a user attempts to access one of the listed sites, they will instead be redirected to their localhost and be unable to connect to the site’s actual IP address. This effectively blocks access to the listed sites that are distributing torrents for copyrighted content.

To make matters worse, when the vigilante malware is executed, it will connect to a remote host under the attacker’s control and send the name of the fake pirated software that has infected the user.

As web servers usually log a visitor’s IP address, the attacker now has both the pirate’s IP address and the name of the software or movie that they attempted to use.

While it is unknown what this information is used for, the threat actors could share it with ISPs, copyright agencies, or even law enforcement.

The attackers could also use this information in further attacks, such as email extortion campaigns where the attacker threatens to reveal the user’s illegal activity if they don’t pay a small extortion demand.

Brandt told BleepingComputer that this malware campaign was live between October 2020 and January 2021, when the attacker’s site went offline.

According to Brandt, the malicious torrents have also stopped being distributed, likely after users stopped seeding them after learning that the files were malicious or fake.

While rare, vigilantes have taken justice in their own hands in the past by hacking into Netgear to remove malwaredistributing malware to secure IoT devices, releasing weaponized version.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us