Psst..do you want some ‘free’ software?
Chances are you’re getting more than you bargained for.
The security research team at Cybereason has recently highlighted the threats from attempting to download ‘cracked’ copies of Microsoft or Adobe products. The research team found that these copies of software had been laced with some particularly nasty malware, which starts by attempting to steal passwords and other information, then contacts a commercial service to download even more malware.
The resulting series of downloads forms a deluge of malware which could effectively:
- Steal passwords, credentials from browsers, cookies and session details (used to remember your logins for sites you use).
- Take pictures using your device’s camera and screenshots on your device.
- Mining Monero bitcoins using your device’s processing power.
- Install ransomware onto your machine to demand a ransom to unlock.
Judging by the number of downloads, we estimate over 500,000 machines have been infected by the campaign so far, with hundreds of machines affected every hour.
Source: https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Thanks to the Cybereason team for raising our attention to this.
Moral of the story?
There’s no such thing as a free lunch.
Beard sporting, food lover who’s passionate about protecting businesses. Combining his practical 15 years’ experience with a supportive and holistic approach to managing cyber risks, compliance and data protection. His goal? Building great security cultures and practises, giving businesses something to shout about when it comes to their information security.
