Here's another excellent reason not to pirate your software


Threat actors are masking the CryptBot malware with cracks for new games and pro-level software.

Cybersecurity researchers from AhnLab found a new campaign to distribute CryptBot, an infostealer capable of exfiltrating saved browser passwords, cookies, browser history, data from crypto wallets, credit card information, and files from compromised endpoints.

The campaign revolves around creating multiple websites promoting cracks for computer games and professional-grade software. These websites and landing pages are properly optimized for search engines, ranking quite high on search engine result pages (SERP) for all the right terms. 


Lighter malware

What's more, the attackers are using both custom domains and AWS-hosted sites, and in some cases are redirecting visitors multiple times before landing them on the delivery page. That means the landing page itself could sit on a legitimate but compromised site.

The malware itself has undergone a number of significant changes as well. The researchers say the program has grown lighter and lost a few features in order to be better hidden and easier to distribute.

Specifically, the anti-sandbox routine has been removed, as has the ability to take screenshots. The malware can no longer collect data from TXT files on the desktop, and no longer has the second C2 connection and exfiltration folder. The latest version of the malware retains only the anti-VM CPU core count check and a single info-stealing C2.

At the same time, the researchers say the attackers appear to be "constantly" refreshing both their C2 infrastructure and the dropper sites.

"The code shows that when sending files, the method of manually adding the sent file data to the header was changed to the method that uses simple API. User-agent value when sending was also modified," the researchers said in a blog post.

"The previous version calls the function twice to send each to a different C2, but in the changed version, one C2 URL is hard-coded in the function."

The new variant also appears to work properly on all Chrome versions, whereas older variants only worked on Chrome 81 to 95.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
