Bitdefender discovered that cracked versions of Microsoft Office and Adobe Photoshop contain malware that steals browser session cookies and Monero cryptocurrency wallets. Users who don’t want to or can’t buy a licensed version of software often install pirated software, or warez, instead.
Usually distributed through torrent sites and downloaded with apps like BitTorrent, these pirated copies often come with a different kind of price: infecting users with malware.
Bitdefender recently warned that cracked versions of Microsoft Office and Adobe Photoshop, two of the most popular software suites in their niches, hide malware that opens a backdoor on the target machine and then turns off its firewall to hijack Monero cryptocurrency wallets, steal browser session cookies (or the user’s entire profile history in Firefox), and siphon other data via BitTorrent.
“Once executed, the crack drops an instance of ncat.exe (a legitimate tool to send raw data over the network) as well as a Tor proxy,” said Bitdefender’s director of threat research Bogdan Botezatu and security researcher Eduard Budaca in a blog post.
The backdoor communicates over Tor with its command and control center. The malware uses ncat’s ‘--exec’ parameter, “which allows all input from the client to be sent to the application and responses to be sent back to the client over the socket (reverse shell behavior),” the researchers explained.
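A defender-side check for the behavior described above, as an added example that is not taken from Bitdefender's report: it scans process-creation events for ncat started with an exec option and notes whether a Tor process ran on the same host. The event field names, the sample events, and the `tor.exe` file name are constructed assumptions.

```python
import ntpath
import shlex

# ncat options that hand the socket to a program (the reverse-shell behavior quoted above).
# Case matters: -C only requests CRLF line endings and must not match.
EXEC_FLAGS = {"-e", "--exec", "-c", "--sh-exec", "--lua-exec"}

def ncat_exec_target(command_line):
    """Return the program given to an ncat exec option, or None if there is none."""
    try:
        tokens = shlex.split(command_line, posix=False)  # keep Windows backslashes
    except ValueError:                                   # unbalanced quote in the log line
        tokens = command_line.split()
    if not tokens:
        return None
    if ntpath.basename(tokens[0].strip('"')).lower() not in ("ncat", "ncat.exe"):
        return None
    for i, tok in enumerate(tokens):
        flag, sep, value = tok.partition("=")            # also handles --exec=program
        if flag in EXEC_FLAGS:
            if not sep:
                value = tokens[i + 1] if i + 1 < len(tokens) else ""
            return value.strip('"')
    return None

def triage(events):
    """Per host: programs attached via ncat exec options, and whether Tor also ran there."""
    hosts = {}
    for ev in events:
        entry = hosts.setdefault(ev["host"], {"ncat_exec": [], "tor": False})
        target = ncat_exec_target(ev["cmd"])
        if target is not None:
            entry["ncat_exec"].append(target)
        if ntpath.basename(ev["image"]).lower() == "tor.exe":  # assumed file name
            entry["tor"] = True
    return {h: e for h, e in hosts.items() if e["ncat_exec"]}

# Constructed sample events (hypothetical hosts, paths and arguments)
SAMPLE_EVENTS = [
    {"host": "WS-01", "image": r"C:\Users\Public\ncat.exe",
     "cmd": r'"C:\Users\Public\ncat.exe" -l 127.0.0.1 8080 --exec cmd.exe'},
    {"host": "WS-01", "image": r"C:\Users\Public\tor.exe",
     "cmd": r"C:\Users\Public\tor.exe -f torrc"},
    {"host": "WS-02", "image": r"C:\Tools\ncat.exe",
     "cmd": r"C:\Tools\ncat.exe -v -C mail.example.org 25"},
]

if __name__ == "__main__":
    for host, finding in triage(SAMPLE_EVENTS).items():
        print(host, finding)
```

Matching on the file name alone misses a renamed binary, so treat a hit as a starting point for host triage rather than a complete detection.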
Botezatu said the attackers first analyze the environment they have compromised to decide what is worth stealing.
Bitdefender researchers think that the exfiltration of the Firefox profile directory was opportunistic rather than planned and that attackers “would go for any other browser installed on the device.”
Cracked software, though illegal, is very much commonplace not only at home but at work as well, which makes this trend even more concerning.