YouTube Videos Promoting Malware

Concerning a development in the cybersecurity world, researchers have identified a new threat targeting freeloaders via YouTube videos. These videos are seemingly harmless and offer cracked versions of popular software. But as it turns out, these videos distribute a potent malware known as Lumma Stealer.

Besides being published some time ago, the video keeps gaining popularity. As researchers say, the file offered on the video as a cracked program is getting updated, meaning that hackers could have started spreading malicious payloads only after the video became popular. Also, such an approach opens the ability to spread effectively any malware, with Lumma being a firstling.

The Attack Chain

The attack begins innocently, with users searching for cracked versions of popular software like Vegas Pro. A link in the video description tempts the user, leading to a bogus installer hosted on a service like MediaFire. But the real danger lies within. The unpacked ZIP installer contains a Windows shortcut masquerading as a setup file.

In fact, the “setup” is a .lnk file that runs a PowerShell script. Then, things happen as in the textbook: the script downloads and runs the payload from a GitHub repository. The latter is chosen as a source for malware with firewall circumvention in mind.

What is Lumma Stealer?

Lumma Stealer is an information-stealing malware written in C language. It has been available on Russian-speaking forums since August 2022 through a Malware-as-a-Service (MaaS) model. The threat actor behind this malware is believed to be “Shamel”, who operates under the alias “Lumma”. The primary targets of Lumma Stealer are cryptocurrency wallets and two-factor authentication (2FA) browser extensions.

Once the malware infiltrates the victim’s machine, it steals sensitive information. It exfiltrates it to a C2 server via HTTP POST requests using the user agent “TeslaBrowser/5.5”. Along with these features, the malware also has a non-resident loader capable of delivering additional payloads through EXE, DLL, and PowerShell.

The Lumma Stealer has a starting price of $250 per month on underground forums. The lowest plan allows users to view and upload logs and access log analysis tools. On the other hand, the most expensive plan costs US$20,000 and gives users access to the source code. It also grants them the right to sell the infostealer.

How to stay protected?

First, we recommend that you refrain from downloading and using pirated software. This applies both to downloading from torrents and other sources. It is illegal for both home users and especially corporations and the risks – well, you may see them above. Still, you can enhance your protection against malware like Lumma Stealer by following tips:

• Avoid shady software spreading websites. Regardless of what kind of software they spread, the chance of getting infected by using one is noticeably higher. Seek a more reliable source – it will save you both time and money. To verify whether the site is legit and trustworthy, consider using GridinSoft Free Online Virus Checker.
• Don’t click on suspicious links. Similarly to the previous advice, be cautious with links, especially in emails, social media messages, or websites. Cybercriminals often rely on human curiosity to spread malware.
• Use anti-malware protection. A reliable anti-malware program and ensure it’s always up-to-date. It can detect threats before they harm your system. GridinSoft Anti-Malware is a security solution you can rely on.

The post YouTube Videos Promote Software Cracks With Lumma Stealer appeared first on Gridinsoft Blog.

RarBG is Shut Down

RarBG is a classic torrent tracker website that provides people with P2P downloading links for various content. Well, a uniting characteristic of most of this content was the fact it was pirated. Hundreds and thousands of downloading links to fresh movies, games and programs were shared there. Back in the days when it started, these places were massively popular. And they still are, especially in poor countries. Back-to-back with sites like ThePirateBay and eMule, RarBG was among the largest cyber pirate resources under the sun.

In 2014, on the wave of digital rights laws introduction to the legislation of most developed countries, RarBG faced tough times. One by one, European countries banned access to the website, forcing people to use VPN or proxy servers to access it. Slow-but-steady transfer of people from the use of cracked software towards using licensed one did not help the situation either. However, the events of the 3 recent years brought even worse challenges. One of RarBG admins says the following in the “goodbye” note:

What now?

Software piracy is apparently becoming a thing of the past. Despite numerous torrent trackers still running, the trend becomes obvious when you look closely at the life in these places. Seedings have much less peers, their speed is lower, and fresh content appears much less frequently. Moreover, torrents always were a perfect place to spread malicious content – both in the package with promised software and instead of it. Leave aside that using cracked apps can create you a lot of legal problems if the fact of their usage is uncovered.

Other trackers I’ve mentioned above are still working and don’t have such serious problems as RarBG did. But who knows what happens behind the scenes? Maybe, we’ll see other piracy sites shutting down in the near future, or not – thanks to the users migration from the ceased website. Yet at this point, it is obvious that the war between piracy and licensed software is won by the latter.

The post RarBG Torrenting Site Is Shut Down, Admins Explain Why appeared first on Gridinsoft Blog.

What is a Torrent?

A torrent, also known as a “torrent tracker” or “file tracker,” is a small file that keeps track of where the file you want to download is located on a network of different computers. It may not seem easy, but it is easier than you think. A torrent is a small file used by a torrent client that tells others, “Hey, I want to download and upload this particular piece of content for and from you.” You can use a torrent file to share media files, such as movies, music, etc., with others using a peer-to-peer network or “P2P”.

What is a Torrent Client?

The torrent client or torrenting client is software that uses a torrent file to find out who else has the file you want to download. The client gets data from all these computers by slowly adding small packets of the file you are downloading to your computer. The torrent client also downloads small packages of that file from the other computers. This is what forms a P2P network. A torrent client is software that connects downloaders and uploaders of a particular file, using a torrent file to determine which file to share.

What is Peer-to-Peer?

A peer-to-peer or P2P network allows computers to share a workload while performing a specific task. It differs from the usual client-server model, where a user simply downloads a file from a server. In a torrent case, using P2P, each computer connects to the other to download (leech) and upload (seed) a particular file. In this sense, the people who share the file act as small servers to download the file using the torrent client.

What are Seeders and Leechers?

Seeders and leechers are terms used to refer to different parts of the P2P network. When a client downloads, it is called a leecher because it leeches a file from others. When uploading, the client is called a seeder because it seeds files for others to download. When you use a torrent client, you are both a seeder and a leecher because you are simultaneously downloading and uploading parts of a particular file. When you have fully downloaded a file, you become a seeder because you are no longer downloading the file.

How Does Torrenting Work?

As written above, a torrent works on the P2P principle. First, you have to upload a torrent-client – a program that allows you to participate in this network. Additionally, you’d need a tracker – a small file that contains the information about the file that will be managed. The torrent client uses this tracker to see who else has the actual file you are about to download. For example, suppose you want to download a movie, and the torrent client gets the data from all those computers, adding snippets of the file you are downloading to your computer.

While you’re downloading those snippets, you’re also giving the snippets you’ve already downloaded to other people, turning your computer into a small server. This download process continues until you completely download the file or stop your torrent client from sharing the file. You will usually have to stop sharing the torrent manually to stop sharing the file.

Where do People get Torrents From?

First, you need to get the torrent file itself. There are now various websites that host these files. They are called torrent sites. An example of such a site is Pirate Bay. However, many torrent sites contain copyrighted content, so downloading such torrents is fraught with legal problems. Some torrent sites, such as Kickass Torrents and The Pirate Bay, have even been shut down with the help of local law enforcement. Even though downloading a torrent is perfectly legal, a great number of files on these sites are copyrighted.

Is Torrenting Legal?

Yes, the use of a torrent itself is legal. This means that it is not illegal to download and upload packages of a specific file. However, most countries have a law that prohibits downloading copyrighted content. This is called piracy, and people involved in copyright infringement are commonly referred to as pirates. However, whether punishment follows depends a lot on where you live. For example, in most countries, especially in Eastern Europe or Latin America, torrent use, although illegal, is rarely enforced. Therefore, it is common to use torrents without any security measures.

However, in cases where the fact of piracy is tracked and acted against, you can get a hefty fine. Unfortunately, only a small number of people downloading copyrighted content get fined or sued. However, suppose you are caught downloading illegal files in countries like Germany. In that case, you will probably receive a huge fine in the mail. Moreover, for consequent software piracy acts you will likely face an imprisonment. Additionally, the company you’re working for will likely to pay a fine as well, and also face legal consequences as the use of pirated software for commercial purposes is punished in a way more severe manner.

What are the risks of using torrents?

Consider a few risks if you want to download from a torrent. The most common problem is downloading malware along with or instead of the file you want. Although this problem has been observed since the early 2010s, those regions where torrents are popular are still at the top of ransomware infections. Here are the most significant risks you may encounter when downloading torrents:

• You may download copyrighted content. This is considered illegal in most countries and can cause serious legal problems.
• Hackers can attack torrent downloaders in many different ways.

Read on to learn more about these risks.

The risk of downloading malware

One of the most significant risks when downloading via torrents is getting infected with a virus. Threat actors who may create the distribution along with other users may embed malware in the files. Since most giveaways contain cracked software with the keygen, the authors often ask to disable antivirus. This gives the green light to any malware. Therefore, it is essential to use proper anti-virus software when surfing the Internet.

Risk of violating the law

When you use torrent clients to download copyrighted material such as movies, songs, books, or video games, you get copyright-protected content without paying for it, which is outside the law. Even if your region does not currently enforce copyright laws on torrents, this may be corrected in the future. Using pirated software is much more risky, as it can be detected through the traces a hacked program leaves in the files, created with its use.

How to Stay Safe When Torrenting

You can take the following steps to be safe when using torrents. It is worth noting that downloading copyrighted content is illegal, and we strongly recommend against it. However, there are also many fully legal torrents. To stay safe when using torrents, follow these tips:

• Use only trusted, reliable torrent sites considered safe and free of malware.
• Use proper anti-virus software, such as GridinSoft Anti-malware, to protect against any unwanted malware you may encounter when downloading a torrent file.
• Refrain from downloading copyrighted content so as not to break the law.

That way, the very act of downloading a torrent is 100% legal. All you are doing is transferring data. You can use torrent programs to download and share files with other users.

The post What is Torrenting? Is it illegal or Safe? How Does it Work appeared first on Gridinsoft Blog.