12.22.2022 10:26 am

Illegal software downloads as bait for malware programs

High-quality software has its price – although many users aren’t prepared to pay it. A BSA study conducted in 2017 found that around 20 percent of software in Germany was unlicensed. While Germany is far from being a global leader in software piracy – the corresponding figure was 66 percent in China and 62 percent in Russia, for example – the practice still costs the German economy billions of euros.

Every user should also be aware that downloading unlicensed software programs is associated with significant legal risks. And yet, for hundreds of thousands of users, the temptation to save a few euros is so compelling that this risk is one they are willing to take. Cyber criminals are well aware of this and happily exploit the allure of pirate copies to spread their malware and access confidential user data.

The cunning ploys of cyber criminals

The level of sophistication among these criminals is highlighted by one such campaign that surfaced just a few days ago and unfortunately proved to be extremely successful. The campaign spread malware using very popular software programs like Adobe Acrobat Pro, 3D Mark and Sound Force Pro as bait.

Shareware sites were specially set up for the campaign and, thanks to manipulated search engine optimisation (known as SEO poisoning), showed up near the top of search results in Google and other search engines. With malvertising activities launched in parallel, malicious archive files were downloaded onto the computers of unsuspecting users instead of the promised software installation programs. The files’ level of technical sophistication meant standard antivirus solutions were unable to detect and put a stop to them.

The archives contained a 1.3 MB password-protected ZIP file and a TXT file with the corresponding password. Once the zipped archive was unpacked, the file size grew to 600 MB thanks to byte padding – a method commonly used by cyber criminals to prevent further analyses. Next, a cmd.exe process downloaded a DLL file disguised as a JPG file, which ultimately let loose a RedLine stealer. The stealer sent the cyber criminals passwords, credit card details, bookmarks, cookies, cryptocurrency files and wallets, VPN login credentials and other details about the compromised computer that had been stored in web browsers.
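
Both tricks described above can be checked without running anything: with standard ZIP encryption the central directory still lists each entry's packed and unpacked size, and a DLL renamed to .jpg still starts with the PE magic bytes. The Python sketch below is an added example, not part of the original article or of any Acronis product; the function names, thresholds and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

PE_MAGIC = b"MZ"                       # first two bytes of every EXE and DLL
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")
RATIO_LIMIT = 100                      # assumed threshold: unpacked / packed size
SIZE_LIMIT = 100 * 1024 * 1024         # assumed threshold: 100 MB unpacked


def triage_zip(data: bytes) -> list[str]:
    """Read only the ZIP central directory (no password needed) and flag
    encrypted entries and entries that inflate suspiciously when unpacked."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:   # general-purpose bit 0 = encrypted
                findings.append(f"{info.filename}: encrypted entry")
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio >= RATIO_LIMIT or info.file_size >= SIZE_LIMIT:
                findings.append(
                    f"{info.filename}: inflates {ratio:.0f}x to {info.file_size} bytes"
                )
    return findings


def is_disguised_pe(filename: str, head: bytes) -> bool:
    """True when a file named like an image begins with the PE 'MZ' magic."""
    return filename.lower().endswith(IMAGE_EXTS) and head[:2] == PE_MAGIC


def build_sample() -> bytes:
    """Constructed sample: a small ZIP whose executable is mostly zero padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("setup.exe", PE_MAGIC + b"\x00" * (5 * 1024 * 1024))
        zf.writestr("password.txt", "1234")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
    print(is_disguised_pe("photo.jpg", b"MZ\x90\x00"))
```
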

What’s the answer? Natural and artificial intelligence.

The most reliable protection against malware campaigns like this one is, of course, to always avoid downloading pirate copies of software, product activators, cracks, serial key generators and anything that promises free access to software that is normally subject to a charge – not only to protect yourself from damage but also to avoid the risk of legal consequences.

However, anyone who is unwittingly lured by the promise of a free software download only to find themselves ensnared by a con involving a malware-infected archive should consider themselves very fortunate if they already have a cyber security solution like Acronis Cyber Protect in place. Unlike conventional AV products, it stops these attacks in real time before any damage can be done thanks to its anti-malware technology based on artificial intelligence.
