New Delhi: Cybersecurity researchers have found an interesting piece of malware that, instead of stealing passwords or extorting a computer's owner for ransom, blocks infected users’ computers from being able to visit a large number of websites dedicated to software piracy. However, the malware's ultimate purpose appears murky.
Researchers at Sophos, a global leader in next-generation cybersecurity, have detailed a curious cyberattack campaign that targets users of pirated software with malware designed to block access to websites hosting pirated software.
The developers disguise the malware as cracked versions of popular online games such as Minecraft and Among Us, as well as productivity tools such as Microsoft Office, security software and others.
The disguised malware is distributed via the BitTorrent platform from an account hosted on the “ThePirateBay” digital file-sharing website. “Links to the malware are also hosted on Discord. Once installed, the malware blocks the victim’s access to a long list of websites, including many that distribute pirated software,” the researchers said in a blog post.
The researchers were not able to discern a provenance for this malware. “But its motivation seemed pretty clear: It prevents people from visiting software piracy websites (if only temporarily), and sends the name of the pirated software the user was hoping to use to a website, which also delivers a secondary payload,” they explained.
On the face of it, the adversary’s targets and tools suggest this could be some kind of anti-piracy vigilante operation. “However, the attacker’s vast potential target audience — from gamers to business professionals — makes the ultimate purpose of this operation a bit murky,” Brandt cautioned.