Here’s another good reason not to download pirated software

If you ever needed a compelling argument against downloading pirated software, cracks, or activators, here’s one – you’ll probably end up with a dangerous infostealer along the way, too. 

Experts from Zscaler recently analyzed several ongoing malware distribution campaigns, finding an unknown threat actor (or multiple actors) is using SEO poisoning techniques to have their websites appear high up on Google results pages for popular software-related queries such as Adobe Acrobat Pro, 7-Data Recovery Suite, and several other programs. 

These websites, most often on .com domains, but also appearing on less popular domains such as .xyz, or .cfd, claim to be hosting these programs (and others), as well as cracks, activators, or anything else that’s needed in order to get a commercial (and expensive) program to work – for free. 

RedLine Stealer or RecordBreaker

What the victims would actually be downloading onto their endpoints, however, are not the programs in question, but rather dangerous infostealing malware, such as RedLine Stealer, or RecordBreaker. These types of malware are capable of all kinds of nasties, from stealing passwords stored in browsers to stealing payment data, to grabbing screenshots. 

The best way to protect against these attacks, the researchers are saying, is to refrain from downloading pirated software in the first place, as well as any cracks, keygens, activators, or anything of the sort. 

Furthermore, users can protect their endpoints by installing an antivirus or a malware protection service, as well as a firewall. Finally, setting up two-factor authentication on as many accounts as possible will prevent threat actors from compromising the accounts, even if they manage to obtain the login credentials.

Also, it is important to note that just because a website pops up high on Google’s search engine results page (or any other search engine’s, for that matter), that doesn’t mean that it’s legitimate and that users should trust it by default. 

Via: BleepingComputer

Go to Source
Author: