This oddball malware prevents people from visiting pirated websites

The "vigilante malware" modifies the HOSTS file on the infected system, which, according to the researchers, is a crude but effective method of preventing a computer from reaching a web address.


Devdiscourse News Desk | London | Updated: 22-06-2021 19:04 IST | Created: 22-06-2021 19:04 IST
Country: United Kingdom

Researchers at cybersecurity firm Sophos recently discovered a new type of malware campaign that, instead of stealing sensitive data or demanding a ransom, prevents people from visiting software piracy websites by using a decade-old HOSTS modification trick.

The "vigilante malware" modifies the HOSTS file on the infected system, which, according to the researchers, is a crude but effective method of preventing a computer from reaching a web address.

"Instead of seeking to steal passwords or to extort a computer's owner for ransom, this malware blocks infected users' computers from being able to visit a large number of websites dedicated to software piracy by modifying the HOSTS file on the infected system," Andrew Brandt, principal researcher, SophosLabs, wrote in a blog post.

"We weren't able to discern a provenance for this malware, but its motivation seemed pretty clear: It prevents people from visiting software piracy websites (if only temporarily), and sends the name of the pirated software the user was hoping to use to a website, which also delivers a secondary payload," he added.

According to the researchers, some of the malware, disguised as pirated copies of a wide variety of software packages, was hosted on Discord, a popular game chat service, while other copies were named after popular games, productivity tools, and security products. These were accompanied by additional files that make them appear to have originated with a file-sharing account on The Pirate Bay, a well-known torrenting website.
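For readers who want to check a machine for this kind of HOSTS tampering, the following is an added example, not code from Sophos or from this article. It assumes the blocked sites are mapped to a loopback or unspecified address, which the article does not state; the hostnames in the sample are constructed.

```python
import ipaddress
import sys

# Names that legitimately resolve to loopback in a default HOSTS file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

# Constructed sample input; none of these names come from the Sophos report.
SAMPLE_HOSTS = """\
# Constructed sample
127.0.0.1       localhost
::1             localhost ip6-localhost
127.0.0.1       piracy-site-one.example   # constructed name
127.0.0.1       piracy-site-two.example www.piracy-site-two.example
0.0.0.0         tracker.example
192.0.2.10      intranet.corp.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # first field is not an address
        for name in fields[1:]:                   # one line may list several names
            yield line_no, ip, name.lower().rstrip(".")

def sinkholed_entries(text):
    """Return mappings that point a non-local hostname at a dead-end address.

    Assumption: 'dead-end' means loopback (127.0.0.0/8, ::1) or unspecified
    (0.0.0.0, ::) addresses.
    """
    hits = []
    for line_no, ip, name in parse_hosts(text):
        dead_end = ip.is_loopback or ip.is_unspecified
        if dead_end and name not in LOCAL_NAMES and "." in name:
            hits.append((line_no, str(ip), name))
    return hits

if __name__ == "__main__":
    # Pass the path of a HOSTS file, or run with no argument to use the sample.
    text = (open(sys.argv[1], encoding="utf-8-sig", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_HOSTS)
    for line_no, ip, name in sinkholed_entries(text):
        print(f"line {line_no}: {name} -> {ip}")
```

Ad-blocking HOSTS lists use the same kind of entry, so a hit is a lead to review against what the machine's owner installed, not proof of infection.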

To know more about the newly-discovered malware campaign, head over to the Sophos website.