Downloading pirated applications does more harm than good. Researchers recently found pirated applications being used to spread malware that steals passwords and breaks into crypto wallets.
The malware was found in Google search results for pirated copies of CCleaner Professional. The campaign, called 'FakeCrack', was discovered by security analysts at Avast.
An Avast report reveals that this campaign strikes an average of 10,000 devices a day. Most of the victims came from Brazil, India, France and Indonesia.
The campaign launched its attacks through suspicious sites that offered pirated versions of various popular applications, including CCleaner, Microsoft Office, Internet Download Manager, and Movavi Video Editor.
The operators use Black Hat SEO techniques to push these sites into the top results of Google Search, so that ordinary users are fooled into downloading infected applications.
The bait that many users come across is pirated versions of CCleaner Professional, a Windows system cleaning and performance optimization program that many users still consider essential. Searches for this application are usually accompanied by keywords such as 'cracked', 'serial key', 'product activator', and 'free download'.
The search results, which are mostly malicious, direct victims through several websites and end at a landing page that offers a ZIP file for download. These landing pages are usually hosted on legitimate file hosting platforms like filesend.jp or mediafire.com.
The downloaded ZIP file is protected by a weak password, such as '1234'. The password serves only to keep the malicious content from being detected by anti-virus applications, as quoted from Bleeping Computer, Monday (13/6/2022).
Once a device is infected, the malware tries to steal information stored in the browser, such as online account passwords, stored credit card details, and credentials for crypto wallets.
Not only that, the malware also monitors the clipboard for copied crypto wallet addresses and replaces them with addresses of wallets controlled by the malware operators.
This clipboard hijacking feature targets a variety of popular cryptocurrencies, including Bitcoin, Ethereum, Cardano, Terra, Ronin, and Bitcash. Avast found that the operators of this malware had earned at least USD 50,000 from their victims.
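The clipboard substitution described above leaves a recognizable trace: a copied wallet address is replaced by a different address of the same currency almost immediately. The following detection sketch is an added example, not code from Avast or from the malware; the address patterns (Bitcoin and Ethereum only), the two-second window, and all sample values are assumptions made for illustration.

```python
import re

# Address shapes for two of the currencies named above (format checks only,
# no checksum validation). These patterns are assumptions of this example.
PATTERNS = {
    "bitcoin": re.compile(r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[0-9a-z]{11,71})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def classify(text):
    """Return (coin, normalized_address) if text looks like an address, else (None, text)."""
    candidate = text.strip()
    for coin, pattern in PATTERNS.items():
        if pattern.match(candidate):
            # Ethereum addresses are case-insensitive apart from the checksum casing.
            return coin, candidate.lower() if coin == "ethereum" else candidate
    return None, candidate

def find_swaps(snapshots, window=2.0):
    """Flag an address replaced by a different address of the same coin
    within `window` seconds of first appearing on the clipboard.

    snapshots: time-ordered list of (seconds, clipboard_text) from polling.
    """
    alerts = []
    prev = None  # (first_seen, coin, value) of the current clipboard content
    for seen, text in snapshots:
        coin, value = classify(text)
        if prev and value == prev[2]:
            continue  # unchanged content: keep the original first_seen time
        if prev and coin and coin == prev[1] and seen - prev[0] <= window:
            alerts.append({"coin": coin, "copied": prev[2], "replaced_by": value, "at": seen})
        prev = (seen, coin, value)
    return alerts

# Constructed sample: none of these strings is a real wallet address.
SAMPLE = [
    (0.0, "meeting notes"),
    (5.0, "0x" + "a1" * 20),   # user copies an Ethereum address
    (5.5, "0x" + "a1" * 20),   # next poll, unchanged
    (5.8, "0x" + "b2" * 20),   # different address 0.8 s later: suspicious
    (60.0, "1" + "A" * 30),    # user copies a Bitcoin-shaped string
    (95.0, "3" + "C" * 30),    # another one 35 s later: normal use
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

The same comparison applies manually: after pasting a wallet address, check that it matches the address that was copied before confirming a transfer.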
Because the spread of this malware is very wide and the infection rate is very high, users are advised not to download pirated applications carelessly even if the download site appears in the top search results on Google.