ESET antivirus installer laced with malware

You'd expect that by now, users would be aware that downloading "cracks" for any kind of software comes with inherent dangers, such as adware, infostealers, backdoors, and even ransomware. Sadly, this isn't the case, and a fair number of users still get infected with all sorts of nasties this way.

According to security researcher MalwareHunter from the MalwareHunterTeam, every day, he comes across a suspicious file that poses as an antivirus installer or a crack for antivirus software that's laced with some sort of malware.

In most cases, the threat is of low risk, such as adware that just inserts unwanted ads in your browsing experience or shows annoying popups while you use your OS.

But once in a while, you get something more interesting, such as a remote access trojan, ransomware, or infostealer, that comes with more dangerous implications to your own personal privacy.

For example, just this past month, MalwareHunter came across an Avast installer that was laced with a remote access trojan.

This past week, he also came across an installer for the Petya GoldenEye ransomware that disguised itself as an ESET installer, and later came across an AVG crack that installed the Stampado ransomware.

Almost all antivirus brands have been targeted, from the well-known Norton to the obscure RogueKiller (tweet below).

Crooks don't target antivirus software specifically; this tactic is part of a larger spray-and-pray malware distribution campaign.

Malware authors embed their payload in dozens of different files, from games to PDF documents, hoping to infect as many victims as possible. Below is an image showing the different file names through which malware authors tried to distribute a version of the same adware.

Names of different files laced with malware

It is unbelievable that, 20 years after we first saw this type of malware distribution technique, users are still downloading crack files and getting infected by them. More incredible is that people are downloading crack files for antivirus software, sabotaging their computer despite their best intentions of keeping it secure.
