Cybercriminals Make Crypto Gains with Spoofed Premium Software

While social engineering remains an infiltration method for cybercriminals to install cryptocurrency miners on victims’ computers, ‘free’ premium software packages are increasingly luring gullible users into unwittingly using their computers to mine cryptocurrencies.

Researchers from Kaspersky Lab have discovered a growing number of websites offering “free” versions of premium software packages such as Adobe Premiere Pro, CorelDraw, PowerPoint and more. The software is indeed ‘free’, but it is actually a custom-rigged version of cryptocurrency mining software. Predictably, the cybercriminals use domain names that pass themselves off as those of legitimate products.

In explaining their analysis, researchers point to a “full free version” of ABBYY FineReader (optical character recognition software), made available through a Torrent engine. The hacked version of the software contains an executable file among a number of folders. Researchers quickly discovered a number of suspicious-looking files within the software’s ‘lib’ folder.

“There are also text files in this folder that contain the information required to initialize the miner – namely the wallet details and the mining pool’s address. This folder will be installed stealthily to the victim computer while FineReader is installing,” researchers at Kaspersky Lab wrote.

The autorun folder contains a shortcut leading to the clandestine miner’s working directory on the PC’s Windows drive. Analysis of an extracted BAT script shows that it checks that the cybercriminals’ wallet address is up to date before triggering the mining operation. In this instance, a cryptographic token called ZCash is mined.
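The layout the researchers describe (small text files holding the wallet and pool address, sitting next to a BAT script in one folder) can be checked for in an unpacked installer before anything is run. The following is an added example, not code from Kaspersky Lab or from this article; the regular expressions, file extensions, size limit and the constructed sample tree are all assumptions.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Assumed indicator shapes; the article does not give the actual file formats.
POOL = re.compile(r"\b(?:stratum\+(?:tcp|ssl)://)?[a-z0-9][a-z0-9.-]*\.[a-z]{2,}:\d{2,5}\b", re.I)
ZEC_TADDR = re.compile(r"\bt[13][1-9A-HJ-NP-Za-km-z]{33}\b")  # Zcash transparent address shape
TEXT_EXT = {".txt", ".cfg", ".ini", ".bat", ".cmd"}
MAX_BYTES = 64 * 1024  # miner config files are small; skip large payloads

def triage(root):
    """Return {directory: findings} for directories whose small text files
    contain BOTH a pool-style host:port and a wallet-like string."""
    hits = defaultdict(lambda: {"pool": set(), "wallet": set(), "scripts": set()})
    for path in Path(root).rglob("*"):
        if (not path.is_file() or path.suffix.lower() not in TEXT_EXT
                or path.stat().st_size > MAX_BYTES):
            continue
        text = path.read_text(errors="replace")
        entry = hits[str(path.parent.relative_to(root))]
        entry["pool"].update(m.group(0) for m in POOL.finditer(text))
        entry["wallet"].update(m.group(0) for m in ZEC_TADDR.finditer(text))
        if path.suffix.lower() in {".bat", ".cmd"}:
            entry["scripts"].add(path.name)  # launcher candidates worth reading by hand
    # One indicator alone is noisy; require the pair in the same folder.
    return {d: {k: sorted(v) for k, v in e.items()}
            for d, e in hits.items() if e["pool"] and e["wallet"]}

def build_sample(root):
    """Constructed sample tree imitating the layout described in the article."""
    lib = Path(root, "FineReader_free", "lib")
    lib.mkdir(parents=True)
    (lib / "pool.txt").write_text("pool.example.invalid:3333\n")
    (lib / "wallet.txt").write_text("t1" + "A" * 33 + "\n")  # placeholder, not a real address
    (lib / "run.bat").write_text("@echo off\nrem placeholder launcher\n")
    docs = Path(root, "FineReader_free", "docs")
    docs.mkdir()
    (docs / "readme.txt").write_text("Visit help.example.invalid for support.\n")
    return root

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return triage(build_sample(tmp))

if __name__ == "__main__":
    for directory, found in demo().items():
        print(directory, found)
```

A hit is only a prompt to inspect the folder and any listed scripts manually; legitimate software can also ship host:port strings in configuration files.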

Altogether, researchers determined that the total revenue generated by cybercriminals with this particular software was nearly $3,400.

“This small piece of research once again demonstrates that no one should ignore protection measures and get lulled into a false sense of security, believing cybercriminals are only interested in financial organizations; practice shows that regular users are also targeted,” researchers warned. “The mining software that we analyzed, albeit incapable of inflicting any damage, can seriously impair your workstation’s performance by hijacking its resources and making it work for somebody else.”

Image credit: Pixabay.