Bizarre Vigilante Malware Turns Tables On Pirates By Blocking Access To Cracked Software
When people are hit by malware, it typically ends with files being locked or some other terrible outcome for the end-user. However, researchers have now discovered a piece of malware that turns the tables on people who try to pirate content by blocking illegal websites. As it turns out, perhaps not all malware is bad…
Sophos researcher Andrew Brandt reported yesterday that the mysterious vigilante malware typically came packaged in fake games sent over Discord. However, it could also come bundled with productivity or security tools like "AVG Remediation" or "Microsoft Visual Studio Enterprise 2019." When the fake software is first run, it displays a fake popup saying a dynamic-link library (DLL) file is missing from the computer.
The problem with detecting this malware is that the installers come bundled with random files like images, text files, and .nfo files, which typically appear in other BitTorrent files. These .nfo files, however, are filled with garbage data, a racial slur repeated over 1000 times, and other random letters, potentially to change the file's hash value. As Brandt explains, this is "one of the strangest cases," as the malware is not necessarily bad, save for the slurs that give us a glimpse into the person behind this. However, malware is still illegal under several U.S. laws, as is pirating. Whoever is behind this has some sort of moral compass, but it is not a very strong one.