If you’ve ever needed a compelling argument against downloading pirated software, cracks or activators, here’s one – you’ll probably end up with a dangerous infostealer along the way.
Experts at Zscaler recently analyzed several ongoing malware distribution campaigns and found an unknown threat actor (or multiple actors) using SEO poisoning techniques to make their websites appear higher on Google result pages for popular software-related queries such as Adobe Acrobat Pro, 7-Data Recovery Suite, and many other programs.
These websites, often appearing on the .com domain but also on less popular domains such as .xyz or .cfd, claim to host these programs (and others), as well as cracks, activators, or anything else that is required in order to get a commercial (and expensive) program to work for free.
Redline Stealer or Recordbreaker
What victims will actually be downloading to their endpoint, however, are not the programs in question, but rather dangerous infostealing malware, such as Redline Stealer, or Recordbreaker. This type of malware is capable of all kinds of nasties, from stealing passwords stored in the browser to stealing payment data, to grabbing screenshots.
The best way to guard against these attacks, the researchers say, is to avoid downloading pirated software in the first place, along with any cracks, keygens, activators, or anything like that.
In addition, users can protect their endpoints by installing an antivirus or anti-malware security service, as well as a firewall. Finally, setting up two-factor authentication on as many accounts as possible will prevent threat actors from compromising accounts, even if they manage to obtain login credentials.
Also, it’s important to note that just because a website pops up high on Google’s search engine results page (or any other search engine for that matter) doesn’t mean it’s legit, and it doesn’t mean users should trust it by default.
Via: Bleeping Computer