While free software is a tempting lure, researchers have uncovered a dangerous trend in which software cracks and fake installers contain malware designed to steal sensitive information. A report from cybersecurity firm Trend Micro reveals how attackers are distributing these malicious installers through popular platforms like YouTube and social media, putting unsuspecting users at risk.
For many users who seek alternatives to paying for expensive software like Photoshop or AutoCAD, cracked versions are often the solution. These cracked files, which bypass software protections, seem like an easy way to avoid purchasing licenses. However, they often come with hidden dangers.
The researchers found that attackers are using fake software installers to distribute infostealer malware, which is designed to extract sensitive data from victims, including login credentials, financial details, and personal information. The stolen data can then be used for malicious activities such as identity theft or fraud.
The malicious links promoting these cracks are typically disguised to appear legitimate. They often appear in search results or comments on platforms like YouTube, SoundCloud, and even NFT marketplaces like OpenSea. For instance, when a user searches for a program like Autodesk Keygen (a tool used to generate serial numbers), they may come across a shortened link redirecting them to a malicious download.
To evade detection, attackers host the files on reputable file-sharing services such as Mediafire or Mega.nz, making the origin of the malware harder to trace. In addition, the malicious files are often large, password-protected, and encoded, which further complicates analysis with traditional security tools, and antivirus software frequently fails to detect the malware inside them.
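As an added, defender-side illustration of the traits described above (large, password-protected archives bundling executables), the following Python triage check is not from the Trend Micro report; the size threshold and the sample archive it builds are constructed assumptions, and the check only reads ZIP metadata without extracting anything.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"      # local file header signature
CENTRAL_SIG = b"PK\x01\x02"    # central directory header signature
ENCRYPTED_FLAG = 0x0001        # general-purpose flag bit 0: entry is encrypted
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".bat", ".msi")


def triage_archive(data: bytes, size_threshold: int = 50 * 1024 * 1024) -> dict:
    """Summarise a downloaded ZIP: password-protected entries, bundled
    executables and archive size. The 50 MiB threshold is an assumption."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()          # central directory only, no extraction
    encrypted = [i.filename for i in infos if i.flag_bits & ENCRYPTED_FLAG]
    executables = [i.filename for i in infos
                   if i.filename.lower().endswith(EXECUTABLE_EXT)]
    oversized = len(data) >= size_threshold
    return {
        "entries": len(infos),
        "size": len(data),
        "encrypted_entries": encrypted,
        "executables": executables,
        "oversized": oversized,
        # encrypted content that is also executable or bulky matches the
        # evasion pattern the report describes
        "suspicious": bool(encrypted) and (bool(executables) or oversized),
    }


def make_sample_archive(encrypt: bool) -> bytes:
    """Constructed sample: a small ZIP holding a fake 'installer'. zipfile
    cannot write encrypted entries, so the encryption bit is set by patching
    the flag field of every local and central directory header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("Setup_Crack.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"password: 1234")
    raw = bytearray(buf.getvalue())
    if encrypt:
        # flags sit at offset 6 in a local header and offset 8 in a central one
        for sig, offset in ((LOCAL_SIG, 6), (CENTRAL_SIG, 8)):
            pos = raw.find(sig)
            while pos != -1:
                flags, = struct.unpack_from("<H", raw, pos + offset)
                struct.pack_into("<H", raw, pos + offset, flags | ENCRYPTED_FLAG)
                pos = raw.find(sig, pos + 4)
    return bytes(raw)
```

Running `triage_archive(make_sample_archive(True))` flags the archive because every entry is encrypted and one of them is an executable, while the unencrypted variant is not flagged.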
Among the infostealers identified in this campaign are LUMMASTEALER, PRIVATELOADER, MARSSTEALER, and others. These malware strains use techniques such as DLL sideloading or process injection to load and run their payloads, making them even more challenging to detect and remove.
Security experts urge users to be cautious when downloading cracked software and to rely on legitimate sources to protect their personal data.