By distributing Vigilante malware a developer has managed to stop the spread of pirated software. Though, it may sound a bit odd, but, in the future, this malware blocks the infected computers from downloading and accessing any pirated software sites.
According to the experts’ investigation, this malware doesn’t steal any password, it simply blocks the users that are infected by this malware. However, the main motive of doing this is to get access to a large number of websites that are dedicated to software piracy.
Usually, the pirated software and fake crack websites are used by hackers to spread malware to trick their victims and make them believe that they are downloading the latest game or any movie.
Malware blocks access to software piracy sites
The security researchers of SophosLabs, Andrew Brandt have initially noticed that the vigilante malware is being administered is eventually stopping the pirates from accessing famous torrent sites like “The Pirate Bay,” and many more.
Apart from all this the Brandt in one of its reports stated that this new type of malware is being administered via Discord or pirated software.
While in the case of Discord the malware is being distributed as standalone executables that are disguising themselves as pirated software.
To add many entries that lead to 127.0.0.1 for the sites linked with “The Pirate Bay,” the malware modifies the Windows HOSTS file, and here all this happens, once the victim administers the executable of malware.
Not a Regular Malware
The main motive of every malware is to get cryptocurrency by stealing data in different ways, but it’s not the same in this case. However, the security researchers have pronounced that the samples of this malware do not justify the typical motive for this malware.
In the form of an HTTP GET request the file name and IP address are sent to the 1flchier[.]com that is controlled by the threat actors. Here, just with a simple change of “L” instead of “I” the threat actors can easily confuse the victim.
Apart from this, Brandt affirmed that malware in the files is considerably the same, unlike the names that are generated by the malware in the web requests.
Detection and cleanup
The cybersecurity researchers of SophosLabs have detected this malware with the help of its very unique runtime packer. And according to the specialists, the users who accidentally run these kinds of files can simply clean up their HOSTS file.
Since the Vigilante has no proper uniform method, it indicates that it will not remain installed on the infected system. So, the experts opined that the users who get infected with this malware need to edit their hosts file only to get disinfected.