Hackers are distributing a dangerous infostealer and adware by passing it off as cracked versions of popular video games, experts have warned.
Cybersecurity researchers from AhnLab claim this latest campaign is particularly unique due to the file type the hackers chose to bypass antivirus programs and other cybersecurity protections.
The team reported spotted a number of malicious websites advertising cracked versions of popular games such as Elden Ring, ROBLOX, Dark Souls 3, Red Dead Redemption 2, Call of Duty, and many others. However, people downloading the executive files from these locations are in for a surprise – instead of the actual game, all they’ll get is ChromeLoader, a known malware (opens in new tab) capable of doing all sorts of nasties. Among its features is the ability to show ads to users, steal the credentials stored in the browser, as well as other saved data.
VHD files
Usually, in campaigns such as this one, the hackers would pack the malware in an ISO file – a virtual drive file that the victims can “mount” on a virtual drive. Once run, the file would show as an additional removable storage drive, from which they’d be able to install the executable (in this case, the malware).
This time around, however, instead of the ISO, the hackers have opted for VHD files. Just like an ISO file, a VHD can be mounted on a Windows system with ease, and also works well with most virtualization software.
In the meantime, the websites hosting the malware have been pulled offline, the researchers said.
As usual, to keep safe from threats such as this one, users are advised to steer clear of torrent websites and other unofficial download sources. Pirated software, cracks, key generators and activators are one of the most popular attack vectors threat actors use to distribute all kinds of malware and viruses.
Having an strong antivirus solution also helps.
Via: BleepingComputer (opens in new tab)
