Trojan horse: data thieves get onto computers through pirated software

The French cybersecurity company Sekoia.io has discovered an entire infrastructure of fake sites for downloading pirated software. More than 250 domains are used to spread malware. Moreover, the sites have been operating for a long time: since the beginning of 2020.

Sekoia.io experts report that the attackers control the domains through a Traffic Direction System (TDS), which lets other cybercriminals rent the channel to deliver their own malware.

The attacks target users who search for cracked versions of software and games in search engines. The fraudsters push their phishing sites to the top of the search results using SEO poisoning, so that the victim is sure to take the bait.

Such a site, of course, has a button to download the program. Pressing it starts a five-stage chain of URL redirects that ultimately leads the person to a RAR archive hosted on GitHub.

“Such a complex structure is probably intended to ensure fault tolerance, and it also simplifies and speeds up making changes to the system,” the French researchers say.

The infection of the victim’s computer proceeds as follows: when the person unpacks the RAR archive and runs the executable file it contains, one of two malware families, Raccoon or Vidar, is installed on the system.
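The delivery chain described above (search result, fake download site, a multi-hop redirect chain, an archive fetched from GitHub) is also a pattern that can be hunted for in web-proxy logs. The following Python script is an added example, not code from Sekoia.io or from the article: it rebuilds redirect chains from constructed log lines, whose domains are placeholders rather than indicators from the report, and flags any chain of at least three redirects that ends in an archive download from a GitHub host.

```python
"""Rebuild HTTP redirect chains from proxy logs and flag the delivery pattern
described above: a cracked-software landing page, several URL redirects, and
a RAR archive fetched from GitHub. Added example; the log lines and domains
below are constructed placeholders, not indicators from the Sekoia.io report."""
from dataclasses import dataclass
from urllib.parse import urlparse

CODE_HOSTS = {"github.com", "raw.githubusercontent.com",
              "objects.githubusercontent.com"}
ARCHIVE_SUFFIXES = (".rar", ".zip", ".7z")

# Constructed proxy log: client|status|url|location|referer ('-' = empty).
SAMPLE_LOG = [
    # Client 10.0.0.5 presses "Download" on a fake crack site and is bounced
    # through five redirects before receiving the archive from GitHub.
    "10.0.0.5|302|http://crack-downloads.example/dl?id=7|http://tds-a.example/go/7|http://crack-downloads.example/photoshop-crack",
    "10.0.0.5|302|http://tds-a.example/go/7|http://tds-b.example/r/7|-",
    "10.0.0.5|302|http://tds-b.example/r/7|http://tds-c.example/c/7|-",
    "10.0.0.5|302|http://tds-c.example/c/7|http://short.example/x7|-",
    "10.0.0.5|302|http://short.example/x7|https://raw.githubusercontent.com/u/r/main/Setup_Full_Version.rar|-",
    "10.0.0.5|200|https://raw.githubusercontent.com/u/r/main/Setup_Full_Version.rar|-|-",
    # Client 10.0.0.9: an ordinary http->https redirect, one hop, benign.
    "10.0.0.9|301|http://example.org/|https://example.org/|-",
    "10.0.0.9|200|https://example.org/|-|-",
]

@dataclass
class Hit:
    client: str
    status: int
    url: str
    location: str   # Location response header, "" if none
    referer: str    # Referer request header, "" if none

def parse_line(line: str) -> Hit:
    client, status, url, location, referer = line.split("|")
    return Hit(client, int(status), url,
               "" if location == "-" else location,
               "" if referer == "-" else referer)

def host(url: str) -> str:
    return urlparse(url).netloc.lower()

def is_redirect(h: Hit) -> bool:
    return 300 <= h.status < 400 and bool(h.location)

def build_chains(hits):
    """Per client, stitch each 3xx response to the later request for its
    Location target, producing one list of Hits per redirect chain."""
    chains = []
    for client in dict.fromkeys(h.client for h in hits):   # keeps log order
        seq = [h for h in hits if h.client == client]
        consumed = set()
        for idx, h in enumerate(seq):
            if idx in consumed or not is_redirect(h):
                continue
            chain = [h]
            consumed.add(idx)
            j = idx + 1
            while is_redirect(chain[-1]) and j < len(seq):
                if j not in consumed and seq[j].url == chain[-1].location:
                    chain.append(seq[j])
                    consumed.add(j)
                j += 1
            chains.append(chain)
    return chains

def assess_chain(chain, min_hops=3):
    """Return a finding when a chain of at least min_hops redirects ends in
    an archive download from a code-hosting site, else None."""
    hops = [h for h in chain if is_redirect(h)]
    final = chain[-1]
    if is_redirect(final) or len(hops) < min_hops:
        return None          # unfinished chain, or too short to be interesting
    if host(final.url) not in CODE_HOSTS:
        return None
    if not urlparse(final.url).path.lower().endswith(ARCHIVE_SUFFIXES):
        return None
    landing = chain[0].referer or chain[0].url   # page the button lived on
    return {
        "client": chain[0].client,
        "hops": len(hops),
        "landing_page": host(landing),
        "redirect_domains": [host(h.url) for h in hops],
        "payload_url": final.url,
    }

def scan(lines):
    hits = [parse_line(l) for l in lines if l.strip()]
    return [f for c in build_chains(hits) if (f := assess_chain(c)) is not None]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The log format and the hop threshold are assumptions for the example; in a real deployment the parser would be adapted to the proxy's own fields, and the list of intermediate redirect domains is the part worth pivoting on, since the TDS domains are shared by whoever rents the channel while the final payload URL changes freely.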

The scheme closely resembles one previously described by experts from Cyble. In that case, the attackers placed Google Ads banners offering downloads of popular programs such as AnyDesk, BlueStacks, Notepad++ and Zoom. Of course, the banners led to a download of malware called Rhadamanthys.

An alternative version of the attack was also observed, using phishing emails disguised as software updates or even bank statements to get users to follow fraudulent links.

Both Raccoon and Vidar can send attackers a wide range of personal information from compromised computers, for example saved credentials stolen from web browsers and data from cryptocurrency wallets.

Users are advised to refrain from downloading pirated software and, where possible, to enable two-factor authentication to protect their accounts.

“It is extremely important that users are careful when receiving spam messages or visiting phishing websites, and that they carefully check the source before downloading any software,” the researchers say.

/Media reports cited above.