AhnLab's security researchers have discovered a new version of an old piece of malware, known as Amadey Bot, inside several cracked software packages.
Faced with the high prices of certain software and operating systems such as the Adobe suite or Windows, some users prefer to download cracked or pirated versions from torrent sites. This practice, illegal of course, also puts your data at risk, as AhnLab's security researchers explain.
Indeed, pirated software often triggers false positive alerts from antivirus software, and users who download it generally ignore those notifications. In fact, these cracks are an ideal carrier for malware, which can take advantage of this temporary lack of antivirus protection to infect users' PCs.
And indeed, AhnLab's security experts have just discovered that hackers have distributed SmokeLoader, malware coded to infect a machine with Amadey Bot, via several cracked software packages.
Malware hidden in cracked software
Amadey Bot is a bot that first appeared four years ago. It can perform system reconnaissance and steal information from the targeted PC. It can also drop additional payloads and hide itself from antivirus programs.
Furthermore, it copies itself to the TEMP folder as bguuwe.exe and sets up a scheduled task, which allows it to remain on the system even after being detected and terminated. On top of that, Amadey Bot can distribute other malware such as RedLine, a password stealer that is particularly popular among hackers.
Its mode of operation is simple: it scans web browsers to retrieve saved passwords, autofill data, or bank card information, for example. It also collects information about the user and the PC, such as the user name, location data, hardware configuration, and the security software installed.
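The persistence described above (a copy in the TEMP folder launched by a scheduled task) is something defenders can check for. The following is an added example, not code from AhnLab or the original article: it parses Task Scheduler XML, one document per task (for example from `schtasks /query /tn <name> /xml`), and flags actions that run from a temp directory. The task names, user name, full paths and the list of temp locations are constructed assumptions.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

# XML namespace used by Windows Task Scheduler task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Locations treated as "temp" (assumption; extend for your environment).
TEMP_PATTERNS = [
    re.compile(r"^%te?mp%(\\|$)", re.I),
    re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp(\\|$)", re.I),
    re.compile(r"^[a-z]:\\windows\\temp(\\|$)", re.I),
]

def runs_from_temp(command):
    """True if the task's executable path sits under a temp directory."""
    # Drop surrounding quotes, normalise slashes and collapse ".." segments.
    path = ntpath.normpath(command.strip().strip('"'))
    return any(p.search(path) for p in TEMP_PATTERNS)

def suspicious_tasks(task_xml_docs):
    """Return (task URI, command) for each Exec action launched from temp."""
    hits = []
    for doc in task_xml_docs:
        root = ET.fromstring(doc)  # only feed this exports from hosts you manage
        uri = root.findtext("t:RegistrationInfo/t:URI",
                            default="(unknown)", namespaces=NS)
        for cmd in root.iterfind("t:Actions/t:Exec/t:Command", NS):
            if cmd.text and runs_from_temp(cmd.text):
                hits.append((uri, cmd.text.strip()))
    return hits

# Constructed sample exports: one task running bguuwe.exe from TEMP, one benign.
SAMPLE_TASKS = [
    r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\ConstructedTask</URI></RegistrationInfo>
  <Actions><Exec>
    <Command>C:\Users\alice\AppData\Local\Temp\bguuwe.exe</Command>
  </Exec></Actions>
</Task>""",
    r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\ExampleUpdater</URI></RegistrationInfo>
  <Actions><Exec>
    <Command>"C:\Program Files\Example\updater.exe"</Command>
  </Exec></Actions>
</Task>""",
]

if __name__ == "__main__":
    for uri, command in suspicious_tasks(SAMPLE_TASKS):
        print(f"review task {uri}: {command}")
```

Legitimate installers occasionally schedule tasks from temp paths, so treat a hit as a lead to review rather than a verdict.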
As you will have understood, the AhnLab researchers' advice is as follows: avoid downloading cracked software and opt instead for free alternatives, hosted in the cloud for example. As a reminder, a massive phishing campaign is likely to affect SFR customers in the coming weeks.
Source: BleepingComputer