According to a Bitdefender report, there’s a rise of a new type of malware attack taking place through software cracks for Microsoft Office and Adobe Photoshop CC, two tools that are widely used and equally widely pirated. These cracks actually work in unlocking the aforementioned products but also deliver a nasty backdoor onto the victim’s machine. If that person happens to hold Monero wallets, the actors will get to steal it, along with browser data and other sensitive information.
The distribution of these cracks mostly concerns the United States, India, Canada, Greece, Germany, Italy, Spain, South Africa, and the United Kingdom. We don’t know if the campaigners are purposefully targeting these countries because they have higher Monero ownership rates or higher piracy, but Bitdefender reports that the actors are showing impressive levels of adaptation based on the shifting interests.
Some of the features of the backdoor that is dropped by the crack executables include the following:
The goal is to steal Firefox browser profile data like history, credentials, and session cookies. These are archived in a 7zip form, so they are sent to the C2 in one package. The second goal is to steal the local Monero wallet via the CLI client ‘monero-wallet-cli.exe’. The actors could easily add more capabilities onto their backdoor, and they may soon do.
Even if the crack you just downloaded works as promised, it doesn’t mean that you have not been infected by malware. Crooks don’t distribute these files for the greater good. If you don’t want to pay the amount required to legitimately purchase these products, consider using open source and free alternatives such as LibreOffice and Gimp. You might be surprised how capable these tools are.