Bizarre Vigilante Malware Turns Tables On Pirates By Blocking Access To Cracked Software
Sophos researcher Andrew Brandt reported yesterday that the mysterious vigilante malware typically came packaged in fake games sent over Discord. However, it could also come bundled with productivity or security tools like "AVG Remediation" or "Microsoft Visual Studio Enterprise 2019." When the fake software is first run, it displays a fake popup saying a dynamic-link library (DLL) file is missing from the computer.
The problem with detecting this malware is that the installers come bundled with random files like images, text files, and .nfo files, which typically appear in other files shared over BitTorrent. These .nfo files, however, are filled with garbage data, a racial slur repeated over 1000 times, and other random letters, potentially to change the file's hash value. As Brandt explains, this is "one of the strangest cases," as the malware is not necessarily bad, save for the slurs that give us a glimpse into the person behind this. However, malware is still illegal under several U.S. laws, as is pirating. Whoever is behind this has some sort of moral compass, but it is not a very strong one. In any case, let us know what you think of this interesting malware example in the comments below.
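The hash-changing padding described above is why an exact-hash blocklist misses new copies of the same bundle. The Python sketch below is an added example, not code from Sophos or the original article: it builds two constructed .nfo files with different random tails and compares hash matching against a content heuristic. The `PLACEHOLDER` filler word, the 0.9 share cut-off, and all function names are assumptions made for illustration.

```python
import hashlib
import random
import string
from collections import Counter

REPEAT_THRESHOLD = 1000  # the article describes one word "repeated over 1000 times"

def build_nfo(seed, filler="PLACEHOLDER", repeats=1200):
    """Constructed sample: one token repeated, then seed-dependent random letters."""
    rng = random.Random(seed)
    tail = "".join(rng.choice(string.ascii_letters) for _ in range(rng.randint(64, 256)))
    return ((filler + " ") * repeats + tail).encode()

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def dominant_token(data):
    """Return (token, count, share) for the most frequent whitespace-separated token."""
    tokens = data.decode("utf-8", errors="replace").split()
    if not tokens:
        return ("", 0, 0.0)
    token, count = Counter(tokens).most_common(1)[0]
    return (token, count, count / len(tokens))

def looks_padded(data, min_repeats=REPEAT_THRESHOLD, min_share=0.9):
    """Heuristic (assumed cut-offs): a single token dominates the whole file."""
    _, count, share = dominant_token(data)
    return count >= min_repeats and share >= min_share

def triage(samples, known_hashes):
    """For each sample, report (name, exact-hash hit, content-heuristic hit)."""
    return [(name, sha256_hex(d) in known_hashes, looks_padded(d)) for name, d in samples]

# Constructed .nfo text resembling ordinary release notes (no repetition pattern).
BENIGN_NFO = ("Release notes\n" + "\n".join(f"Track {i}: title {i}" for i in range(40))).encode()

if __name__ == "__main__":
    first, second = build_nfo(1), build_nfo(2)
    blocklist = {sha256_hex(first)}  # only the first variant has been seen before
    samples = [("variant-1", first), ("variant-2", second), ("benign", BENIGN_NFO)]
    for row in triage(samples, blocklist):
        print(row)
```

The second variant carries the same repeated content but a different random tail, so its SHA-256 is not on the blocklist while the content heuristic still flags it.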