Friday, March 29, 2024

Vigilante Malware That Blocks Infected Computers From Downloading Pirated Software

By distributing Vigilante malware a developer has managed to stop the spread of pirated software. Though, it may sound a bit odd, but, in the future, this malware blocks the infected computers from downloading and accessing any pirated software sites.

According to the experts’ investigation, this malware doesn’t steal any password, it simply blocks the users that are infected by this malware. However, the main motive of doing this is to get access to a large number of websites that are dedicated to software piracy.

Usually, the pirated software and fake crack websites are used by hackers to spread malware to trick their victims and make them believe that they are downloading the latest game or any movie.

Malware blocks access to software piracy sites

The security researchers of SophosLabs, Andrew Brandt have initially noticed that the vigilante malware is being administered is eventually stopping the pirates from accessing famous torrent sites like “The Pirate Bay,” and many more.

Apart from all this the Brandt in one of its reports stated that this new type of malware is being administered via Discord or pirated software.

While in the case of Discord the malware is being distributed as standalone executables that are disguising themselves as pirated software.

To add many entries that lead to 127.0.0.1 for the sites linked with “The Pirate Bay,” the malware modifies the Windows HOSTS file, and here all this happens, once the victim administers the executable of malware.

Not a Regular Malware

The main motive of every malware is to get cryptocurrency by stealing data in different ways, but it’s not the same in this case. However, the security researchers have pronounced that the samples of this malware do not justify the typical motive for this malware.

In the form of an HTTP GET request the file name and IP address are sent to the 1flchier[.]com that is controlled by the threat actors. Here, just with a simple change of “L” instead of “I” the threat actors can easily confuse the victim.

Apart from this, Brandt affirmed that malware in the files is considerably the same, unlike the names that are generated by the malware in the web requests.

Detection and cleanup

The cybersecurity researchers of SophosLabs have detected this malware with the help of its very unique runtime packer. And according to the specialists, the users who accidentally run these kinds of files can simply clean up their HOSTS file.

Since the Vigilante has no proper uniform method, it indicates that it will not remain installed on the infected system. So, the experts opined that the users who get infected with this malware need to edit their hosts file only to get disinfected.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles