New malware campaign targets internet users through pirated software download sites
Cybersecurity researchers have recently uncovered a plethora of ongoing malware campaigns targeting internet users who try to download pirated software.
These campaigns use SEO poisoning and malvertising to push malicious shareware sites high in Google search results. The sites promote fake software along with cracks and activation codes.
Zscaler, the security research group that discovered these campaigns, listed the software used to lure potential targets: Adobe Acrobat Pro, 3DMark, 3DVista Virtual Tour Pro, 7-Data Recovery Suite, MAGIX Sound Force Pro, Wondershare Dr. Fone, etc.
In most scenarios, the software installers are hosted on file hosting services, so the landing pages redirect victims to other services to download the software they were looking for. This lets the malicious executables keep up their masquerade as the software installers.
According to the IoC section of Zscaler's report, the fake websites are: xproductkey[.]com, allcracks[.]org, prolicensekeys[.]com, deepprostore[.]com, steamunlocked[.]one and getmacos[.]org.
The sites that redirect users to the download options, on the other hand, sit on the “xyz” and “cfd” top-level domains.
The downloaded files are archives containing a 1.3 MB password-protected ZIP, which is meant to evade AV scans, along with a TXT file containing the password.
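For defenders triaging such downloads, the following added example (not from the Zscaler report or this article's source) flags an archive that bundles an encrypted inner ZIP with a TXT file, the packaging described above. The function names and sample file names are assumptions, and the sample archive is constructed: it only sets the ZIP "encrypted" flag bit rather than encrypting anything.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x1  # general-purpose flag bit 0 in the ZIP format: entry is encrypted


def has_encrypted_entry(zip_bytes):
    """Return True if any member of the ZIP is flagged as encrypted."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return any(i.flag_bits & ENCRYPTED_FLAG for i in zf.infolist())


def triage_archive(outer_bytes):
    """Flag a download that pairs an encrypted inner ZIP with a TXT file."""
    encrypted_zips, txt_files = [], []
    with zipfile.ZipFile(io.BytesIO(outer_bytes)) as outer:
        for info in outer.infolist():
            name = info.filename.lower()
            if name.endswith(".txt"):
                txt_files.append(info.filename)
            elif name.endswith(".zip"):
                inner = outer.read(info)
                if zipfile.is_zipfile(io.BytesIO(inner)) and has_encrypted_entry(inner):
                    encrypted_zips.append(info.filename)
    return {"encrypted_zips": encrypted_zips, "txt_files": txt_files,
            "suspicious": bool(encrypted_zips and txt_files)}


def build_sample(encrypted):
    """Constructed sample: outer ZIP holding an inner ZIP and a password note."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup.exe", b"constructed placeholder bytes")
    inner = bytearray(buf.getvalue())
    if encrypted:
        # Set bit 0 of the flag field in the central directory record
        # (8 bytes after the PK\x01\x02 signature); nothing is really encrypted.
        cd = inner.rfind(b"PK\x01\x02")
        inner[cd + 8] |= ENCRYPTED_FLAG
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("installer.zip", bytes(inner))
        zf.writestr("password.txt", "constructed-password")
    return out.getvalue()


if __name__ == "__main__":
    print(triage_archive(build_sample(encrypted=True)))
```

The check reads only ZIP metadata, so it needs no password and never extracts the inner payload. It treats any TXT file as the password note and does not test the 1.3 MB size.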
The safest course is to avoid downloading pirated software, activators, serial-key generators, and, in general, anything that promises access to paid services without paying.