Here’s another good reason never to use cracked software
Cracked versions are carrying malware
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Cybersecurity researchers at AhnLab have detected a new version of an oldmalwarestrain, known as Amadey Bot, being distributed through software cracks and keygens.
Many people around the world would rather download a cracked version of expensive software (for example Windows, theAdobeSuite, or similar) from a torrent site, and follow up with a crack/keygen, than purchase a legitimate version that could cost a few hundred dollars.
These cracks and keygens often trigger false positive alerts with antivirus solutions, which makes them an ideal mule to carry malware, especially if the malware can act fast enough, before the victim re-enables theantivirusprogram. That’s exactly the case here, as AhnLab spotted that through keygens and cracks, threat actors have been distributing SmokeLoader, a malware dropper coded to infect the endpoint with Amadey Bot.
Stealing information and loading more malware
Amadey Bot is a four years old bot, capable of performing system reconnaissance, stealing information from the targetendpoint, and dropping additional payloads. It was also said that upon execution, the malware injects “Main Bot” into the currently running explorer.exe process, hiding from antivirus programs in plain sight.
What’s more, it copies itself to the TEMP folder with the name bguuwe.exe, and sets up a scheduled task, making sure it remains on the system even after being terminated. Besides analyzing the target system and stealing information, Amadey is also capable of dropping other malware, among which, AhnLab has found - RedLine (yuri.exe).
These fake Windows 11 upgrade installers will just infect you with malware>This nightmare incident shows why you really shouldn’t store passwords in your browser>These are the best firewalls right now
ReadLine is a popular, and highly potent stealer, that harvestsbrowsersfor saved passwords, autocomplete data, credit card information, and such. Themalwarealso runs a system inventory, pulling inintelsuch as the username, location data, hardware configuration, and information on security software installed on the device. Newer versions are even able to stealcryptocurrency walletinformation, as well as target FTP and IM clients. It can upload and download files, execute commands, and communicate with its C2 server.
The moral of the story is simple - downloading cracked software is simply not worth it, especially today when free, cloud-based alternatives are everywhere.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new malware utilizes a rare programming language to evade traditional detection methods
A new form of macOS malware is being used by devious North Korean hackers
Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time
