Saturday, July 13, 2024
EHA

Vigilante Malware That Blocks Infected Computers From Downloading Pirated Software

By distributing Vigilante malware a developer has managed to stop the spread of pirated software. Though, it may sound a bit odd, but, in the future, this malware blocks the infected computers from downloading and accessing any pirated software sites.

According to the experts’ investigation, this malware doesn’t steal any password, it simply blocks the users that are infected by this malware. However, the main motive of doing this is to get access to a large number of websites that are dedicated to software piracy.

Usually, the pirated software and fake crack websites are used by hackers to spread malware to trick their victims and make them believe that they are downloading the latest game or any movie.

Malware blocks access to software piracy sites

The security researchers of SophosLabs, Andrew Brandt have initially noticed that the vigilante malware is being administered is eventually stopping the pirates from accessing famous torrent sites like “The Pirate Bay,” and many more.

Apart from all this the Brandt in one of its reports stated that this new type of malware is being administered via Discord or pirated software.

While in the case of Discord the malware is being distributed as standalone executables that are disguising themselves as pirated software.

To add many entries that lead to 127.0.0.1 for the sites linked with “The Pirate Bay,” the malware modifies the Windows HOSTS file, and here all this happens, once the victim administers the executable of malware.

Not a Regular Malware

The main motive of every malware is to get cryptocurrency by stealing data in different ways, but it’s not the same in this case. However, the security researchers have pronounced that the samples of this malware do not justify the typical motive for this malware.

In the form of an HTTP GET request the file name and IP address are sent to the 1flchier[.]com that is controlled by the threat actors. Here, just with a simple change of “L” instead of “I” the threat actors can easily confuse the victim.

Apart from this, Brandt affirmed that malware in the files is considerably the same, unlike the names that are generated by the malware in the web requests.

Detection and cleanup

The cybersecurity researchers of SophosLabs have detected this malware with the help of its very unique runtime packer. And according to the specialists, the users who accidentally run these kinds of files can simply clean up their HOSTS file.

Since the Vigilante has no proper uniform method, it indicates that it will not remain installed on the infected system. So, the experts opined that the users who get infected with this malware need to edit their hosts file only to get disinfected.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles