Malware-infected software spread online via SEO poisoning tactics

August 26, 2022
Tags: Malware Infected, SEO Poisoning, Malvertising, Piracy, Cracked Software, RedLine Stealer, InfoStealer

Numerous malware-infected software packages are being promoted on search engines as threat actors take advantage of people searching for pirated copies of commercial applications. These campaigns have been running for years and have been disrupted by cybersecurity authorities on several occasions, yet some continue to operate and claim victims.

Typically, the threat actors behind these campaigns use SEO poisoning and malvertising to push their malicious download sites up the results pages of search engines, including Google. Because the poisoned listings appear near the top of the results, people searching for cracked software see the trojanised downloads and fake apps first.

The researchers listed some of the malware-infected software found being propagated online.

The trojanised installers impersonate widely used commercial products, including Adobe Acrobat Pro, 3DMark, 3DVista Virtual Tour Pro, MAGIX Sound Force Pro, Wondershare Dr Fone, and 7-Data Recovery Suite.

The threat actors use file hosting services to stage the malware that is delivered as fake software installers. The download page on the hosting site redirects victims through further pages before the supposed installer can be downloaded.

The download is a password-protected archive; because anti-virus scanners cannot inspect the encrypted contents, the payload is not scanned until the victim extracts it. On extraction, the 1.3 MB archive expands to roughly 600 MB: the executable has been padded with junk bytes, a common anti-analysis trick, since many anti-virus engines and sandboxes skip or refuse files above a size limit, while the padding compresses to almost nothing so the download itself stays small.
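One way to spot and neutralise this padding during triage, as an added example that is not from the original article or from the research it reports: two cheap heuristics (the file's overall compression ratio and the length of the trailing single-byte run) flag an inflated sample, and a trimming helper cuts the junk so the file fits a sandbox's upload limit. The sample bytes, the thresholds and the function names below are constructed for this example.

```python
import random
import zlib

# Constructed stand-in for the real executable inside the archive: 64 KiB of
# incompressible bytes ending in a non-null byte so the padding boundary is
# unambiguous. This is sample data for the example, not a real malware sample.
_rng = random.Random(2022)
REAL_PAYLOAD = _rng.randbytes(64 * 1024 - 1) + b"\xc3"

# The padded variant: the same content followed by 2 MiB of null bytes, mimicking
# (at a smaller scale) the 1.3 MB -> 600 MB expansion described in the article.
PAD_LEN = 2 * 1024 * 1024
PADDED_SAMPLE = REAL_PAYLOAD + b"\x00" * PAD_LEN


def trailing_run_length(data: bytes) -> int:
    """Number of bytes in the run of one repeated byte value at the end of the file.

    Padding appended as an overlay shows up as a very long run of a single value,
    usually 0x00 or 0xFF.
    """
    if not data:
        return 0
    return len(data) - len(data.rstrip(bytes([data[-1]])))


def compression_ratio(data: bytes) -> float:
    """Raw size divided by zlib-compressed size.

    Genuine executables compress modestly (a ratio of roughly 1 to 4); junk padding
    compresses almost to nothing, which is exactly why a 600 MB binary fits in a
    1.3 MB download. The ratio is measured over the whole file, so it also catches
    padding inserted inside a section rather than appended at the end.
    """
    return len(data) / max(1, len(zlib.compress(data, 6)))


def looks_padded(data: bytes, min_ratio: float = 8.0, min_run: int = 1 << 20) -> bool:
    """Heuristic: flag a file that compresses suspiciously well or ends in a huge
    single-byte run. The thresholds are assumptions for this example; tune them
    for the file types you scan."""
    return compression_ratio(data) >= min_ratio or trailing_run_length(data) >= min_run


def strip_trailing_padding(data: bytes, keep: int = 16) -> bytes:
    """Return the sample with the trailing padding run cut down to `keep` bytes,
    so it fits the upload limits of sandboxes and multi-engine scanners while the
    executable's real content is left untouched."""
    run = trailing_run_length(data)
    if run <= keep:
        return data
    return data[: len(data) - run + keep]


if __name__ == "__main__":
    for name, blob in (("real payload", REAL_PAYLOAD), ("padded sample", PADDED_SAMPLE)):
        print(f"{name}: {len(blob):>9} bytes, ratio {compression_ratio(blob):6.1f}, "
              f"trailing run {trailing_run_length(blob)}, padded={looks_padded(blob)}")
    trimmed = strip_trailing_padding(PADDED_SAMPLE)
    print(f"trimmed sample: {len(trimmed)} bytes")
```

Trimming only works when the junk is appended after the last section; if the padding lives inside a section, the section's raw size in the header must be fixed up as well, which is out of scope here. Legitimate installers with large embedded resources can also show long null runs, so treat a hit as a reason to look closer rather than as a verdict on its own.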

Once the extracted executable is run, it works through its stages and eventually loads the final payload, a DLL that is the RedLine Stealer malware. RedLine steals saved browser passwords, VPN credentials, cryptocurrency wallet files, banking information, browser bookmarks, system details, and more.

Aside from RedLine Stealer, some cases also involved another information stealer, RecordBreaker, which the researchers describe as being as extensive and powerful as RedLine.

The researchers believe these campaigns cannot easily be stopped for good, despite several cases in which security experts have disrupted similar operations. Users are strongly advised not to download free or pirated versions of paid software, because such downloads are very likely to be malware-infected.
