Take on board: how hackers spread viruses using pirated software
Pirated software, including fake installers and hacked versions of popular programs, often contain malicious software that steals personal data, experts have warned. Cybercriminals use special techniques to infect them, making the malware virtually undetectable by standard antiviruses. Details about the threats posed by the installation of pirated software, read in the material "Izvestia".
How pirated software helps spread viruses
On the risks of downloading pirated software warned researchers from the company Trend Micro.
Experts noted that many users download cracked versions of programs such as Adobe Photoshop or AutoCAD for reasons of economy. However, the desire to get free software may well turn into infection with infostealers - viruses that steal passwords, financial information and other valuable data.
According to Trend Micro, attackers spread malicious files through links posted on YouTube, OpenSea, SoundCloud and other popular platforms. When users click on these links, they end up on file-sharing and hosting sites such as Mediafire and Mega.nz, which appear to be safe. But it is from there that users download infected pirated software.
In order to bypass security systems, cybercriminals shorten links on purpose, place files of large size (sometimes the weight of archives reaches 900 MB) and protect archives with passwords. All this makes it difficult to analyze them. Meanwhile, infected archives hide such threats as LummaStealer, PrivateLoader, MarsStealer, Amadey, Penguish and Vidar. All of them infiltrate users' systems and employ techniques that make them nearly invisible to standard antivirus.
How hackers' use of pirated software is changing
The use of pirated software to spread malware is not a new phenomenon. However, it has undergone significant changes over time, says Vadim Matvienko, head of the cybersecurity research laboratory at the Gazinformservice cybersecurity analytical center, in a conversation with Izvestia.
- Today, attackers use various methods to spread malicious applications that can not only disable a computer, but also steal confidential information," the expert says.
In particular, viruses from pirated software steal data from web browsers, cryptocurrency wallets, as well as from messengers and applications (such as Telegram Desktop). In addition, advanced malware can install additional malware on victims' computers, allowing hackers to control them and use them as part of a botnet for further attacks.
In such cases, the user of pirated software will have to prove that he or she is a victim of malware and not a member of a hacker group, as it may not be obvious to digital forensic investigators why malicious activity was conducted from his or her PC. In turn, Igor Shvetsov, senior information security engineer at R-Vision, adds that today hackers are actively using fake tutorial videos on YouTube showing how to install popular software "for free".
- Often several malicious components are found in one package: an infostealer, cryptominer, remote access (RAT) and other threats," the expert says. - Attackers complicate methods of bypassing defenses, for example, by using encryption and passwords for archives. As a result, large botnet networks are forming, as more and more infected devices are becoming available.
According to Dmitry Galov, head of Kaspersky GReAT in Russia, the company's specialists have also previously detected a malicious company associated with pirated software and aimed at Russian organizations: attackers were distributing a styler disguised as a pirated activator for popular software that can be used for accounting and business management. The malware allowed attackers to gain access to corporate devices on the infected device and steal confidential data.
What types of pirated software are the most dangerous in terms of viruses
Among all types of pirated software, hacked antivirus programs pose the greatest threat, says Vitaly Fomin, head of the group of information security analysts at the Digital Economy League, in a conversation with Izvestia. The point is that by installing them for protection, in reality the user gives attackers full control over his device, which further allows them to gain access to confidential information.
- It is also worth mentioning professional programs for editing photos or creating designs, such as Adobe Premiere and Photoshop," says the expert. - Because of the high cost, many people download unofficial versions of these applications, so hackers introduce malware into them.
Vitaly Fomin adds that the gaming industry is also attractive to attackers who use pirated software to download viruses and trojans to devices. The large number of gamers and, as a consequence, the number of downloaded illegal versions of games give hackers the opportunity to gain access to huge amounts of personal data.
Hacked office packages such as Microsoft Office, Adobe Acrobat and WinRar are also particularly dangerous, as they are used both at home and in organizations, says Igor Shvetsov. At the same time, if the goal of attackers is to steal finances or information from companies, they may use specialized professional software (AutoCAD, for example), which is more likely to be installed inside an organization than a pirated computer game.
- Attackers are primarily interested in widely distributed software: office packages, tools for forming and processing schemes, as well as software for working with documents of various formats, - summarizes Alexei Kubarev, Director of Information Security at T1 Cloud.
How to protect yourself from viruses in pirated software
In order to protect themselves from threats associated with pirated software, experts interviewed by Izvestia advise to follow certain rules. Yaroslav Kargalev, head of the Cyber Security Center of F.A.C.C.T. company. Yaroslav Kargalev recommends to take care of antivirus protection of your personal device before any actions related to downloading and installing any third-party software.
- It is important to use only the official version and do not forget to double-check that the antivirus software is up to date and working," says the expert.
However, according to Yaroslav Kargalev, even the presence of antivirus software will not be a 100% guarantee of device security. In order not to become a victim of cybercriminals using this vector of infection, it is necessary to give up the very desire to use hacked software or its unlicensed versions. An alternative can be analogs from Russian developers or freely distributed ones.
In addition, when working with any software, it is important to adhere to the basic rules of digital hygiene. In particular, do not follow dubious links when searching for programs and applications. Before downloading, make sure that the software is downloaded from trusted sources - official app stores or from the official website of the developer.
- For mobile applications, it can be App Store, Google Play or Ru Store," says Daniil Chernov, author of the Solar appScreener product. - As for desktop applications, they should be downloaded only from the manufacturers' official websites.
In turn, Alexander Samsonov, a leading expert in the development and testing department of Security Code, points out that software from unofficial sources should be installed only if absolutely necessary. You should limit the availability of sensitive information on the device and on the connected network in general, or run the software in a virtualized environment.
It is usually difficult to detect malicious activity during program installation, adds Kirill Korshunov, a specialist in the expertise department of PT Sandbox (Positive Technologies). However, users should be alerted to the appearance of unknown processes on the gadget that are not related to the installed program, as well as a noticeable decrease in computer performance after downloading the program. If suspicions arise, it is worth checking the file or link with an antivirus or online services such as VirusTotal, the expert concludes.
Переведено сервисом «Яндекс Переводчик»
