Security News > 2021 > September > Traffic Exchange Networks Distributing Malware Disguised as Cracked Software
An ongoing campaign has been found to leverage a network of websites acting as a "Dropper as a service" to deliver a bundle of malware payloads to victims looking for "Cracked" versions of popular business and consumer applications.
The attacks work by taking advantage of a number of bait pages hosted on WordPress that contain "Download" links to software packages, which, when clicked, redirect the victims to a different website that delivers potentially unwanted browser plug-ins and malware, such as installers for Raccoon Stealer, Stop ransomware, the Glupteba backdoor, and a variety of malicious cryptocurrency miners that masquerade as antivirus solutions.
Using techniques like search engine optimization, links to the websites appear at the top of search results when individuals search for pirated versions of a wide range of software apps.
On top of that, the researchers also found some of the services that act as "Go-betweens" to established malvertising networks that pay website publishers for traffic.
One such established traffic supplier is InstallUSD, a Pakistan-based advertising network, which has been linked to a number of malware campaigns involving the cracked software sites.
A month later, the attackers behind a piece of malware dubbed MosaicLoader were found targeting individuals searching for cracked software as part of a global campaign to deploy a fully-featured backdoor capable of roping the compromised Windows systems into a botnet.