Cracked copies of Microsoft Office and Adobe Photoshop are stealing browser session cookies and Monero cryptocurrency wallets from tightwads who install the pirated software, Bitdefender has warned.
As many Reg readers will no doubt be aware, cracked software is a legitimate application that has had its registration or licensing features removed. Often distributed through BitTorrent in the days of yore, cracked software (also known as warez) appeals mainly to freeloaders who are happy to use a particular suite without paying for a licence.
With Microsoft Office and Adobe Photoshop being two of the most popular software suites in their niches, cracked versions were always going to be popular.
Those cracks come with a price, though: Bitdefender discovered that certain versions of both suites were being distributed with malware that stole browser session cookies (or in the case of Firefox, the user's entire profile history), hijacked Monero cryptocurrency wallets, and exfiltrated other data via BitTorrent, having first opened a backdoor on the target machine and turned off its firewall.
"Once executed, the crack drops an instance of ncat.exe (a legitimate tool to send raw data over the network) as well as a TOR proxy," said Bitdefender's Bogdan Botezatu, director of threat research and reporting and security researcher Eduard Budaca in a blog post. A batch file, chknap.bat, was also bundled.
"The tools work together to create a powerful backdoor that communicates through TOR with its command and control center: the ncat binary uses the listening port of the TOR proxy ('--proxy 127.0.0.1:9075') and uses the standard '--exec' parameter, which allows all input from the client to be sent to the application and responses to be sent ..