'Vigilante Malware' Blocks Users From Downloading Pirated Software

'Vigilante Malware' Blocks Users From Downloading Pirated Software

Scientists have unearthed one of the most abnormal findings in the malware chronicles. It is a booby trap file that attempts to make the downloader a mouse and try to prevent future unauthorized downloads. 

Andrew Brandt, Sophos Labs Principal Investigator named the malware ‘Vigilante’. When the victim downloads and runs what appears to be pirated software or games, it gets installed. Behind the scenes, the malware reports the filename that was executed to an attacker-controlled server, along with the IP address of the victims’ computers. Lastly, Vigilante attempts to modify the victim’s computer to make piratebay.com and 1,000 other pirate sites inaccessible.

As web servers normally log a visitor's IP address, the hacker now has the access to both the pirate's IP address and the name of the software or movie that the victim attempted to use. While it is unknown what this information is used for, the attackers could share it with ISPs, copyright agencies, or even law enforcement agencies. 

“It’s really unusual to see something like this because there’s normally just one motive behind most malware: stealing stuff. Whether that’s passwords, or keystrokes, or cookies, or intellectual property, or access, or even CPU cycles to mine cryptocurrency, theft is the motive. But not in this case. These samples really only did a few things, none of which fit the typical motive for malware criminals,” Brandt explained. 

Vigilante updates files on infected computers and hijacks them from connecting to The Pirate Bay and other Internet destinations known to be used by people who trade pirated software. Brandt has discovered some of the Trojans lurking in software packages available for Discord-hosted chat s ..

Support the originator by clicking the read the rest link below.