Security News, August 2022: Pirated 3DMark benchmark tool delivering info-stealer malware
Cybersecurity researchers have discovered multiple ongoing malware distribution campaigns that target internet users who seek to download copies of pirated software.
In many cases, the malicious executables masquerading as the promised software installers are hosted on file hosting services, so the landing pages redirect victims to other services to download the files.
The downloaded files are archives containing a 1.3MB password-protected ZIP, whose encryption keeps AV scanners from inspecting the payload, and a TXT file holding the password.
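The "encrypted inner ZIP plus plaintext password file" packaging described above is visible from archive headers alone, so a triage script can flag it before anything is extracted. The example below is added here and is not code from the article or from Zscaler: it builds a constructed sample in that shape (the member names `3DMark_Setup_Full.zip` and `password.txt`, the 4096-byte filler payload and the 256-byte text-file threshold are all assumptions for the demonstration) and checks the ZIP general-purpose bit flag for the encryption bit rather than trusting file extensions.

```python
import io
import struct
import zipfile

# General-purpose bit flag, bit 0: the entry is encrypted. Both traditional
# PKWARE encryption and WinZip AES (compression method 99) set this bit.
ZIP_ENCRYPTED_FLAG = 0x0001


def build_fake_encrypted_zip(name: str, payload_len: int) -> bytes:
    """Constructed fixture: a minimal one-entry ZIP whose entry carries the
    encryption bit. The body is zero filler, not real ciphertext, so the
    archive is valid for header inspection but cannot be extracted."""
    fname = name.encode("ascii")
    body = b"\x00" * (payload_len + 12)        # 12-byte PKWARE header + data
    crc, mtime, mdate = 0, 0, 0x21             # DOS date 1980-01-01 00:00:00
    local = struct.pack(
        "<IHHHHHIIIHH", 0x04034B50, 20, ZIP_ENCRYPTED_FLAG, 0, mtime, mdate,
        crc, len(body), payload_len, len(fname), 0) + fname
    central = struct.pack(
        "<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, ZIP_ENCRYPTED_FLAG, 0, mtime,
        mdate, crc, len(body), payload_len, len(fname), 0, 0, 0, 0, 0, 0) + fname
    eocd = struct.pack(
        "<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central), len(local) + len(body), 0)
    return local + body + central + eocd


def inspect_archive(archive_bytes: bytes, max_txt_size: int = 256) -> dict:
    """Flag an outer archive that carries an encrypted nested ZIP next to a
    small text file that plausibly holds its password. Only headers of the
    nested archive are parsed; nothing inside it is decrypted or executed."""
    encrypted_inner, small_txt = [], []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as outer:
        for info in outer.infolist():
            if info.is_dir():
                continue
            data = outer.read(info)
            if data[:4] == b"PK\x03\x04":      # nested ZIP, whatever its extension
                try:
                    with zipfile.ZipFile(io.BytesIO(data)) as inner:
                        if any(i.flag_bits & ZIP_ENCRYPTED_FLAG for i in inner.infolist()):
                            encrypted_inner.append(info.filename)
                except zipfile.BadZipFile:
                    continue
            elif info.filename.lower().endswith(".txt") and 0 < info.file_size <= max_txt_size:
                small_txt.append(info.filename)
    return {
        "encrypted_inner_zips": encrypted_inner,
        "small_text_files": small_txt,
        "suspicious": bool(encrypted_inner and small_txt),
    }


def build_sample_dropper() -> bytes:
    """Constructed sample in the shape the article describes; names are made up."""
    inner = build_fake_encrypted_zip("setup.exe", 4096)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as outer:
        outer.writestr("3DMark_Setup_Full.zip", inner)
        outer.writestr("password.txt", b"Pass1234\r\n")
    return buf.getvalue()


def build_benign_archive() -> bytes:
    """Constructed negative case: an unencrypted nested ZIP plus a README."""
    inner_buf = io.BytesIO()
    with zipfile.ZipFile(inner_buf, "w") as inner:
        inner.writestr("notes.txt", b"nothing to see")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as outer:
        outer.writestr("docs.zip", inner_buf.getvalue())
        outer.writestr("README.txt", b"Unpack docs.zip\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_archive(build_sample_dropper()))
    print(inspect_archive(build_benign_archive()))
```

The heuristic is deliberately narrow: a nested archive is identified by its `PK\x03\x04` magic, not its name, and the encryption bit is read from each inner entry's central-directory record, which is exactly the metadata a scanner still sees when the payload itself is opaque. Pair it with the archive's size and origin (file-hosting redirect from a "free download" landing page) before acting on a hit.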
The loader re-arranges the extracted contents into the correct order, reconstructs the final DLL, a RedLine Stealer payload, and loads it into the current thread. RedLine Stealer is a widely used info-stealing malware that can siphon passwords stored in web browsers, credit card data, bookmarks, cookies, cryptocurrency files and wallets, VPN credentials, computer details, and more.
In some cases, Zscaler noticed that the threat actors dropped copies of the 'RecordBreaker' stealer malware, packed with the Themida tool for obfuscation and detection avoidance.
In June, we reported on a similar 'Black Hat SEO' campaign spreading poisoned pirated copies of CCleaner Pro containing info-stealing malware.