MADRID, 18 Jun. (Portaltic/EP)
A piece of ‘malware’ distributed via Discord and BitTorrent, disguised as video games, infects users' computers in order to prevent them from accessing pages for illegal downloading of unlicensed software, without trying to steal information, resources or personal data.
The security company Sophos published an article on Thursday announcing the discovery of this malicious code, and indicated that the origin and motivation of the ‘malware’, which unlike most does not seek to steal personal data or private information, are unknown.
The malicious software is disguised as pirated copies of software packages which, in this case, were sent through the communication service Discord. On the file-sharing website BitTorrent, the ‘malware’ is embedded in files named after famous video games, productivity tools and security products, according to Sophos.
Along with these files, other files were attached on BitTorrent that lent them credibility, since they gave the appearance of having originated from the popular pirate website ThePirateBay.
The files that appeared on Discord were presented as executables, while those on BitTorrent tried to take on the appearance of pirated software. They take the form of compressed files with a text file, additional files, and a shortcut file indicating ‘ThePirateBay’.
When the user double-clicks the ‘malware’, a ‘System error’ window appears stating that a .dll file was not found on the computer and calling for the program to be reinstalled to fix the problem.
Sophos explains that, when running, the ‘malware’ checks whether it can establish a network connection and, if so, contacts a Uniform Resource Identifier (URI), the unique name of each file, on a specific domain that is a fake URL of 1fichier.com.
The modifications it makes to the HOSTS file thus prevent the user from accessing the real domains. What it does is add a list of over 1,000 web domains and point them to a local server address, although some of them have nothing to do with piracy.
To remove the malicious code, users can clean the HOSTS file manually, according to Sophos. To do this, the company says to run a copy of Notepad as administrator and modify the file c:\Windows\System32\Drivers\etc\hosts. There, the user has to remove all lines starting with “127.0.0.1” and mentioning ThePirateBay sites or other piracy sites.
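The manual cleanup described above can also be scripted. The following is an added example, not code from Sophos or the original article: it sorts HOSTS lines into those to keep, those to remove (a 127.0.0.1 entry whose hostname contains a marker word) and those to review by hand, since some of the added domains have nothing to do with piracy and a keyword match would miss them. The function name triage_hosts, the marker list and the sample domains are assumptions constructed for illustration.

```python
import sys

LOOPBACK = "127.0.0.1"
# Names that legitimately map to loopback and need no review.
SAFE_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample; the .example domains are placeholders, not real entries.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1 thepiratebay.example
127.0.0.1 www.thepiratebay.example
127.0.0.1 unrelated-site.example
10.0.0.5 intranet.example   # admin entry
"""

def triage_hosts(text, markers):
    """Split hosts-file text into (kept, removed, review) lists of lines."""
    markers = [m.lower() for m in markers]
    kept, removed, review = [], [], []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comment, then tokenize
        if len(fields) < 2 or fields[0] != LOOPBACK:
            kept.append(line)                   # blank, comment or other address
            continue
        names = [n.lower() for n in fields[1:]]
        if any(m in n for n in names for m in markers):
            removed.append(line)                # loopback entry naming a marked site
        else:
            kept.append(line)
            if not all(n in SAFE_NAMES for n in names):
                review.append(line)             # loopback entry with no marker match
    return kept, removed, review

if __name__ == "__main__":
    # Read-only report: pass the hosts path as an argument, or use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    kept, removed, review = triage_hosts(text, ["piratebay"])
    for entry in removed:
        print("REMOVE", entry)
    for entry in review:
        print("REVIEW", entry)
```

The script only reports; the kept lines can be written back from an administrator session once the REVIEW entries have been checked.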