Threat actors are using free software as bait to distribute malware, targeting unsuspecting consumers with pirated versions of popular software. The campaign deploys the Hijack Loader malware and the Vidar Stealer information stealer through DLL side-loading techniques and AutoIt scripts. It bypasses User Account Control and exploits the CMSTPLUA COM interface for privilege escalation, then adds itself to Windows Defender's exclusion list for defense evasion, steals sensitive credentials from web browsers, and installs a bitcoin miner on compromised hosts. Related campaigns make use of ClearFake, TA571 malspam, ClickFix, Matanbuchus, DarkGate, SolarMarker, Lumma Stealer, Amadey Loader, the XMRig miner, and clipper malware.