Impact: Remote attackers steal credentials, sensitive information, and cryptocurrency and perform cryptojacking on systems

FortiGuard Labs came across an ongoing threat campaign targeting YouTube viewers searching for pirated software earlier this month. Videos advertising downloads of “cracked” (aka pirated) software are uploaded by verified YouTube channels with a large number of subscribers. Victims are led to execute malicious binaries that install multiple malware into their systems focused on harvesting credentials, cryptojacking, and stealing cryptocurrency funds from wallets.

While investigating this campaign, other researchers published a report about it. And although there are overlaps with our findings, this report provides additional observations, such as the deployment of a third malware family being distributed to the victims. This article describes the entire attack chain and technical details on the malware components that make up this campaign.

The uploaded videos lure users searching for pirated software by using titles such as “Adobe Acrobat Pro dc Crack 2023 free full version / Adobe Acrobat Free Download”. Some videos display tutorials for using the pirated software, although in most cases, they simply display static images often unrelated to the software product (Figure 1).

As shown in Figure 5, after downloading the RAR archive 2O23-F1LES-S0ft.rar via the URL provided in the YouTube video description, the victim must uncompress the archive with the password “1212,” listed together with the URL, and run the Launcher_S0FT-2O23.exe contained within. The archive also contains multiple unused files and directories, possibly to masquerade as a legitimate installer. A detailed analysis of each component is provided in the following sections.

Launcher_S0FT-2O23.exe is the Vidar infostealer. It is appended with over 1GB of unused bytes, a technique commonly used to bypass antivirus and sandboxes that do not scan files beyond a specific size due to limited CPU and RAM resources.
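A triage check for the size-padding technique described above, as an added example that is not code from the FortiGuard Labs report: it reads only the PE headers, measures how many bytes follow the last section's raw data (the overlay), and samples the overlay to see whether it is one repeated byte value. The function names, the 100 MB threshold and the assumption that the padding is a single repeated byte are choices made for this example; the sample file is a constructed header skeleton, not a real executable.

```python
import os
import struct

def overlay_info(path, sample=4096):
    """Return (overlay_bytes, uniform) for the PE file at path."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        head = f.read(0x10000)  # headers only, never the whole file
        if head[:2] != b"MZ":
            raise ValueError("no MZ header")
        (pe_off,) = struct.unpack_from("<I", head, 0x3C)
        if head[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("no PE signature")
        (nsec,) = struct.unpack_from("<H", head, pe_off + 6)
        (opt_size,) = struct.unpack_from("<H", head, pe_off + 20)
        table = pe_off + 24 + opt_size  # first section header
        end = 0
        for i in range(nsec):
            # SizeOfRawData and PointerToRawData sit at +16 and +20
            raw_size, raw_ptr = struct.unpack_from("<II", head, table + 40 * i + 16)
            end = max(end, raw_ptr + raw_size)
        overlay = max(0, size - end)
        if overlay == 0:
            return 0, False
        seen = set()  # byte values seen at start, middle and end of the overlay
        for off in (end, end + overlay // 2, max(end, size - sample)):
            f.seek(off)
            seen.update(f.read(sample))
    return overlay, len(seen) == 1

def is_padded(path, min_overlay=100 * 1024 * 1024):
    """Flag a PE whose overlay is large and a single repeated byte.
    min_overlay is an assumed triage threshold, not a value from the report."""
    overlay, uniform = overlay_info(path)
    return uniform and overlay >= min_overlay

def build_sample_pe(path, padding):
    """Write a constructed, non-executable PE skeleton plus appended bytes."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIII16x", b".text", 512, 0x1000, 512, 512)
    headers = (dos + coff + sect).ljust(512, b"\0")
    with open(path, "wb") as f:
        f.write(headers + bytes(range(256)) * 2 + padding)
```

Signed installers also carry data in the overlay (the Authenticode certificate table), which is why the check requires the sampled bytes to be uniform rather than flagging on overlay size alone.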