Thursday, March 28, 2024

Vigilante Malware That Blocks Infected Computers From Downloading Pirated Software

By distributing Vigilante malware a developer has managed to stop the spread of pirated software. Though, it may sound a bit odd, but, in the future, this malware blocks the infected computers from downloading and accessing any pirated software sites.

According to the experts’ investigation, this malware doesn’t steal any password, it simply blocks the users that are infected by this malware. However, the main motive of doing this is to get access to a large number of websites that are dedicated to software piracy.

Usually, the pirated software and fake crack websites are used by hackers to spread malware to trick their victims and make them believe that they are downloading the latest game or any movie.

Malware blocks access to software piracy sites

The security researchers of SophosLabs, Andrew Brandt have initially noticed that the vigilante malware is being administered is eventually stopping the pirates from accessing famous torrent sites like “The Pirate Bay,” and many more.

Apart from all this the Brandt in one of its reports stated that this new type of malware is being administered via Discord or pirated software.

While in the case of Discord the malware is being distributed as standalone executables that are disguising themselves as pirated software.

To add many entries that lead to 127.0.0.1 for the sites linked with “The Pirate Bay,” the malware modifies the Windows HOSTS file, and here all this happens, once the victim administers the executable of malware.

Not a Regular Malware

The main motive of every malware is to get cryptocurrency by stealing data in different ways, but it’s not the same in this case. However, the security researchers have pronounced that the samples of this malware do not justify the typical motive for this malware.

In the form of an HTTP GET request the file name and IP address are sent to the 1flchier[.]com that is controlled by the threat actors. Here, just with a simple change of “L” instead of “I” the threat actors can easily confuse the victim.

Apart from this, Brandt affirmed that malware in the files is considerably the same, unlike the names that are generated by the malware in the web requests.

Detection and cleanup

The cybersecurity researchers of SophosLabs have detected this malware with the help of its very unique runtime packer. And according to the specialists, the users who accidentally run these kinds of files can simply clean up their HOSTS file.

Since the Vigilante has no proper uniform method, it indicates that it will not remain installed on the infected system. So, the experts opined that the users who get infected with this malware need to edit their hosts file only to get disinfected.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles