Cracked Versions of Office and Photoshop Steals Data and Crypto currencies
Cracked versions of Microsoft Office and Adobe Photoshop are stealing browser session cookies and Monero cryptocurrency wallets from people who install cracked software according to Bitdefender. Cracked software, also known as wares, is legitimate software that has had its licensing features removed. It is often used by people who don't want to pay for a license to use particular applications. Microsoft Office and Adobe Photoshop are two of the most popular software suites and cracked versions can be readily found on the internet.
Those cracks come with a price, though, certain versions of Microsoft Office and Adobe Photoshop are being distributed with malware. Bitdefender discovered that that the malware stole browser session cookies, stole Monero cryptocurrency wallets, and stole other data by opening a backdoor on the target machine and turning off its firewall.
Once executed, the crack installs an instance of ncat.exe, a legitimate tool to send raw data over the network, as well as a TOR proxy. According to Bogdan Botezatu, Bitdefender's director of threat research a batch file called chknap.bat is bundled together to create a backdoor that communicates with tor and its command and control center. The ncat binary uses the listening port of the TOR proxy and uses the standard "--exec" parameter which allows all input from the client to be sent to the application and responses to be sent back to the client over the socket similar to a reverse shell. The group behind this attack take their time to analyze the environment they have compromised and decide what is worth stealing. Researchers assume that stealing Firefox profile directory was opportunistic rather than targeted would steal data from any other browser installed on the machine.
Even though it is illegal to use cracked software, it is still common on both home and work computers which makes this even more troublesome. The malware may hide in plain sight since many cracked versions of software come with protection notifications from their antivirus by warning their users of the risks. Pirated software is never the way to go, however tempting it may be, as the risks tend to always outweigh the benefits.
Key generators are another popular line of business for pirates, and according to ESET, they're often flagged as malware and are therefore quarantined by antivirus. But the user can choose to override such warnings. The rise of Application as a service has reduced, demand for pirated software. Large vendors are more adept at ensuring their products only work in the presence of an internet connection where they can phone home to an activation server.