Piracy is rampant in computer software. Among the most pirted programs we find the Office suite, Photoshop, Acrobat, Premiere Pro or After Effects , showing that Adobe and Microsoft are the companies most affected by piracy. Now, there are hackers who are taking advantage of it and putting new viruses in the cracks.
Cracks are small modifications made to commercial programs that allow you to use them without paying for a license. Doing this, however, poses great danger, as these cracks may be modified to contain malware or download more dangerous malware from a remote server. Antiviruses usually detect them as viruses and block them, so many users, to use them, put them on a white list so that the antivirus does not analyze it.
Hackers would be taking advantage of this, according to BitDefender, where they have detected the deployment of a Trojan campaign in Office and Photoshop cracks . This Trojan displays several files on the computer, among which it has detected ncat.exe, nap.exe, ndc.exe, tarsrv.exe, chknap.bat and nddcf.cmd . The files can be present in the System32 or SysWow64 folders.
They can steal files, access to our accounts and cryptocurrencies
The malware uses a Tor proxy to communicate with the control servers, using ports between 8000 and 9000 in the .onion domain. Once the malware is on the computer, it can send files through the BitTorrent protocol and then download them anonymously. It can also steal data from web browsers, disable the firewall, and steal cryptocurrencies such as Monero from wallets that it detects installed on the computer. By having full control of the computer, they can do whatever they want.
For example, it is capable of capturing Firefox cookies, being able to load them on another device owned by the attacker to bypass passwords and access online services, where it is even possible to bypass the two-step verification.
The malware has already been detected in Spain , as well as in other countries such as the United States, India, Gracia, Canada, France and the United Kingdom. The investigation details that the back door that is introduced into the computer is being used by a human operator instead of making automated requests to the victims.
Therefore, it is advisable to use adequate antivirus to avoid false positives, as well as to pay for the license of the software that we use daily, thanks above all to the monthly subscription plans that leave them at very affordable prices. To ensure that the files you download are safe, you can create a virtual machine to avoid infecting your main installation, as well as upload them from there to websites such as VirusTotal to analyze them with dozens of antivirus at the same time.