counterfeit software Archives

Winsage

November 8, 2024

Windows PCs targeted by new malware hitting a vulnerable driver

Researchers have identified a new threat campaign called SteelFox, which uses counterfeit software activators and cracks to infiltrate Windows systems. The campaign deploys a vulnerable driver, information-stealing malware, and a cryptocurrency miner, compromising sensitive data and exploiting system resources for illicit mining. Victims are reported globally, including regions from Brazil to China, affecting users of commercial software like Foxit PDF Editor, JetBrains, and AutoCAD. Cybercriminals continue to advertise these fake software solutions, increasing the potential for further infections.

Tech Optimizer

November 8, 2024

New malware SteelFox targets Windows users through fake software activators

A new malware named "SteelFox" is targeting Windows users by using counterfeit software activators to infiltrate systems, leading to cryptocurrency mining and data theft. Since February 2023, it has spread rapidly, primarily through torrent sites and online forums, masquerading as legitimate software cracks for programs like AutoCAD and Foxit PDF Editor. Upon installation, it deploys a risky driver called WinRingO.sys, exploiting vulnerabilities CVE-2021-41285 and CVE-2020-14979, which allows attackers to gain full access to the infected computer. The malware uses XMRig for crypto mining, causing performance issues and increased utility bills, while also stealing sensitive data from over 13 web browsers. Countries with high infection rates include Mexico, Brazil, Russia, China, and India. Kaspersky has blocked over 11,000 attempted attacks, but the actual number of infections may be much higher. To protect against SteelFox, users are advised to download software only from verified sources, maintain updated antivirus software, avoid pirated software, and keep systems current with security patches.

Tech Optimizer

August 13, 2024

Threat Actors Hijacking Websites To Deliver .NET-Based Malware

Clearlake is involved in a sophisticated cybersecurity threat that distributes counterfeit antivirus software to manipulate users into installing harmful programs. Cybercriminals are hijacking legitimate websites to spread .NET-based malware, which is difficult to detect due to its complex code. The ClearFake initiative specifically targets the .NET framework to exploit vulnerabilities in Windows systems, utilizing free code hosting services like GitHub and Bitbucket for malware distribution. Attackers also use URL shortening services to obscure malicious links, complicating detection efforts. Cybersecurity researchers advise users to be cautious of deceptive prompts to update web browsers. Indicators of Compromise (IoCs): - Infected webpage: stoicinvesting[.]com - Payload URL: dais7nsa[.]pics/endpoint - Binance contract: 0xa6165aa33ac710ad5dcd4f4d6379466825476fde - GitHub repo: github[.]com/BrowserCompanyLLC/-12 - Bitbucket repos: bitbucket[.]org/shakespeare1/workspace/projects/