It prevents people from visiting software piracy websites, if only temporarily, and sends the name of the pirated software the user was hoping to use to a website, which also delivers a secondary payload.
NEW DELHI: Researchers at cybersecurity company Sophos have found one of the strangest pieces of malware yet. Instead of stealing users' data or holding it for ransom, the new malware seeks to block users' access to websites that promote piracy and torrenting. The company called it a "vigilante-style" malware and said it's "relatively non-complex" and can be cleaned up quite easily too. It resembles a decade-old malware called Ponmocup, which had a similar effect on infected computers, the researchers said.
"We weren't able to discern a provenance for this malware, but its motivation seemed pretty clear: It prevents people from visiting software piracy websites (if only temporarily), and sends the name of the pirated software the user was hoping to use to a website, which also delivers a secondary payload," the company said in a blog post. "The file adds from a few hundred to more than 1000 web domains to the HOSTS file, pointing them at the localhost address, 127.0.0.1," it added.
Further, the malware is disguised as a "wide variety of software packages" hosted on the popular game chat service Discord. It is also being distributed through BitTorrent, a popular tool for downloading pirated content, and the names of those files resemble popular games, productivity tools and even security products, the researchers noted. Some of the names include popular games such as Valve Corporation's Left 4 Dead and Microsoft's Minecraft.
Once a system is infected, the malware shows users an error message that says, "The program can't start because MSVCR100.dll is missing from your computer. Try reinstalling the program to fix this problem." Sophos said that it had already built detection for the malware into its own software, but users can also clean up their systems manually by editing the HOSTS file and removing the added entries. Now that the malware has been reported, it is likely that other anti-malware tools will add detections for it to their databases too.
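The HOSTS-file tampering described above is easy to audit and undo. The following is an added example, not code from Sophos or from the article: it parses a HOSTS file, reports every entry that points a non-local hostname at a loopback or unspecified address (the "sinkhole" pattern the malware uses), and produces a cleaned copy with those lines commented out so the change is reversible. The sample HOSTS content, the `.invalid` domain names and the `# removed-by-audit:` marker are all constructed for illustration; the Windows HOSTS path is the standard one.

```python
"""Audit a Windows HOSTS file for bulk loopback 'sinkhole' entries.

Added example (not Sophos code). Run with no arguments to audit the
constructed SAMPLE_HOSTS below, or pass a path to audit a real file.
"""
import ipaddress
import sys

# Standard Windows location of the HOSTS file.
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Hostnames that legitimately map to a loopback address and must not be flagged.
LEGIT_LOOPBACK_NAMES = {
    "localhost", "localhost.localdomain", "broadcasthost",
    "ip6-localhost", "ip6-loopback",
}

AUDIT_MARKER = "# removed-by-audit: "  # constructed marker, not a Windows convention


def parse_hosts(text):
    """Yield (ip, hostnames, line_no) for every active mapping line.

    Comments (anything after '#') and blank lines are skipped; lines whose
    first field is not a valid IP address are ignored rather than raising.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        yield ip, [name.lower() for name in fields[1:]], line_no


def find_sinkhole_entries(text):
    """Return (line_no, hostname) pairs that send a non-local name to 127.0.0.1, ::1 or 0.0.0.0."""
    hits = []
    for ip, names, line_no in parse_hosts(text):
        if not (ip.is_loopback or ip.is_unspecified):
            continue  # normal mapping to a real address, leave it alone
        for name in names:
            if name not in LEGIT_LOOPBACK_NAMES:
                hits.append((line_no, name))
    return hits


def clean_hosts(text):
    """Return (cleaned_text, lines_commented) with sinkhole lines commented out, not deleted."""
    bad_lines = {line_no for line_no, _ in find_sinkhole_entries(text)}
    out = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        out.append(AUDIT_MARKER + raw if line_no in bad_lines else raw)
    return "\n".join(out) + "\n", len(bad_lines)


# Constructed sample: two stock localhost lines, three sinkhole lines of the
# kind the article describes (placeholder domains), and one legitimate mapping.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
# constructed example entries below (placeholders, not real indicators)
127.0.0.1 example-torrent-site.invalid
127.0.0.1 example-crack-site.invalid www.example-crack-site.invalid
0.0.0.0 example-keygen-site.invalid
10.0.0.5 intranet.corp.example   # legitimate internal mapping, left alone
"""


if __name__ == "__main__":
    source = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(source, encoding="utf-8", errors="replace").read() if source else SAMPLE_HOSTS
    for line_no, name in find_sinkhole_entries(text):
        print(f"line {line_no}: {name} is redirected to a local address")
    cleaned, count = clean_hosts(text)
    print(f"{count} line(s) would be commented out; review and write back to {WINDOWS_HOSTS_PATH}")
```

Commenting the lines out rather than deleting them keeps an audit trail and makes a mistaken removal trivial to reverse; a real HOSTS file on Windows must be written back by an administrator, and a count in the hundreds, as the article reports for this malware, is itself a strong signal that the file was modified by software rather than by hand.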