Tuesday, April 16, 2024

Vigilante Malware That Blocks Infected Computers From Downloading Pirated Software

By distributing Vigilante malware a developer has managed to stop the spread of pirated software. Though, it may sound a bit odd, but, in the future, this malware blocks the infected computers from downloading and accessing any pirated software sites.

According to the experts’ investigation, this malware doesn’t steal any password, it simply blocks the users that are infected by this malware. However, the main motive of doing this is to get access to a large number of websites that are dedicated to software piracy.

Usually, the pirated software and fake crack websites are used by hackers to spread malware to trick their victims and make them believe that they are downloading the latest game or any movie.

Malware blocks access to software piracy sites

The security researchers of SophosLabs, Andrew Brandt have initially noticed that the vigilante malware is being administered is eventually stopping the pirates from accessing famous torrent sites like “The Pirate Bay,” and many more.

Apart from all this the Brandt in one of its reports stated that this new type of malware is being administered via Discord or pirated software.

While in the case of Discord the malware is being distributed as standalone executables that are disguising themselves as pirated software.

To add many entries that lead to for the sites linked with “The Pirate Bay,” the malware modifies the Windows HOSTS file, and here all this happens, once the victim administers the executable of malware.

Not a Regular Malware

The main motive of every malware is to get cryptocurrency by stealing data in different ways, but it’s not the same in this case. However, the security researchers have pronounced that the samples of this malware do not justify the typical motive for this malware.

In the form of an HTTP GET request the file name and IP address are sent to the 1flchier[.]com that is controlled by the threat actors. Here, just with a simple change of “L” instead of “I” the threat actors can easily confuse the victim.

Apart from this, Brandt affirmed that malware in the files is considerably the same, unlike the names that are generated by the malware in the web requests.

Detection and cleanup

The cybersecurity researchers of SophosLabs have detected this malware with the help of its very unique runtime packer. And according to the specialists, the users who accidentally run these kinds of files can simply clean up their HOSTS file.

Since the Vigilante has no proper uniform method, it indicates that it will not remain installed on the infected system. So, the experts opined that the users who get infected with this malware need to edit their hosts file only to get disinfected.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.


Latest articles

Hacker Customize LockBit 3.0 Ransomware to Attack Orgs Worldwide

Cybersecurity researchers at Kaspersky have uncovered evidence that cybercriminal groups are customizing the virulent...

Microsoft .NET, .NET Framework, & Visual Studio Vulnerable To RCE Attacks

A new remote code execution vulnerability has been identified to be affecting multiple Microsoft...

LightSpy Hackers Indian Apple Device Users to Steal Sensitive Data

The revival of the LightSpy malware campaign has been observed, focusing on Indian Apple...

LightSpy Malware Attacking Android and iOS Users

A new malware known as LightSpy has been targeting Android and iOS users.This sophisticated...

This Startup Aims To Simplify End-to-End Cybersecurity, So Anyone Can Do It

The Web3 movement is going from strength to strength with every day that passes....

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles