New malware is trying hard to prevent access to pirated software, apps and games: ‘Vigilante’ campaign frequents shady websites for doing good

Vigilante Malware
Malware trying to prevent piracy? Pic credit: Christiaan Colen/Flickr/CC BY-SA 2.0

A new Batman is willing the streets into order, but only people who download pirated apps, games, and software, frequent these virtual destinations. A new malware, dubbed ‘Vigilante’, has set out on a digital crusade against pirating websites and their patrons.

The majority of malware installs trojan, viruses, backdoors, etc. to steal valuable information, or hold data ransom. The Vigilante malware, by contrast, is hunting down Internet users who acquire software illegally.

New malware is attempting to prevent access to ‘Warez’ websites:

SophosLabs Principal Researcher Andrew Brandt has dubbed the new malware ‘Vigilante’. This new “virus” installs itself when victims download and run, open, or launch what they assume is pirated software or games.

Once installed, the malware updates the file name that granted it entry on a victim’s computer to an attacker-controlled server. It sends the IP address as well. If that’s not enough, the malware also modifies key files on the target PC to prevent access to popular websites that offer pirated software.

In addition to preventing access to websites that allow downloading pirated apps, the malware is also going after Internet users who regularly access pirated TV shows.

Speaking about the new malware, Brandt said: “The malware’s motivation seemed pretty clear. It prevents people from visiting software piracy websites (if only temporarily)”.

The malware does not have an official name yet. SophosLabs has dubbed the same ‘Vigilante’ owing to the seemingly noble crusade it is on.

How does the ‘Vigilante’ malware work?

The virus traps unsuspecting victims by hiding in a number of fake software packages. Pirated or free versions of “popular games, productivity tools, and even security products” are popular choices.

After successfully infecting a computer, the malware blocks the user from visiting a list of websites. The majority of these websites are related to torrenting.

The malware’s methodology to dissuade access to Warez websites is rather simple. The Vigilante malware hijacks the computer’s HOSTS file.

The HOSTS file is common to Windows PCs, and it is a  plaintext file that maps hostnames to IP addresses as they connect to a device’s network. By modifying the file, users can stop their devices from connecting to certain domains.

The malware reportedly pairs all of the Warez websites with 127.0.0.1, a special-purpose IP address, often called the localhost or loopback address. Simply put, a victim attempting to visit such a website would be looped back.

Needless to mention, there is a very simple way to undo the actions of the Vigilante malware. Merely removing all the entries that point to 127.0.0.1, should do the trick.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x