FakeCrack Malware Spread Using Crack Sites
Cracked software is used as a lure to spread cryptostealers in a new malicious campaign dubbed FakeCrack.
The malicious payloads used in the campaign are infostealer malware strains capable of stealing information related to cryptocurrency and crypto wallets.
The malware is spread using questionable sites that claim to offer cracked executables for paid software, both applications and games. Similar sites have been used many times in the past and serve as beacons that attract a certain type of user - someone who seeks to download illegal software or use paid software without spending money. Obviously, when you engage in this sort of activity, you need to expect the sort of issues that go with it.
The payloads used in the FakeCrack campaign are usually hosted on legitimate file hosting services as archive files encrypted with a basic password. The purpose of the password protection is to stop automated antivirus checkers from analyzing the payload inside the archive.
Perhaps the most important feature of the infostealer malware used in the FakeCrack campaign is its ability to monitor and modify the clipboard. A lot of crypto malware uses this to intercept wallet strings in the clipboard and replace them with the wallets of the malware operators, thus illegally redirecting funds without the victim's knowledge.
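A detection-side view of the clipboard swap described above, as an added example that is not code from the campaign or from the original article: it scans a timeline of clipboard snapshots and flags a wallet-shaped string replaced by a different one of the same type faster than a user would plausibly copy a second address. The address patterns (Bitcoin and Ethereum shapes), the function names, the 2-second threshold and the sample timeline are assumptions made for illustration.

```python
import re

# Assumed address shapes for illustration; the article names no specific coins.
WALLET_PATTERNS = {
    "btc": re.compile(r"(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def wallet_kind(text):
    """Return the address family the clipboard text looks like, or None."""
    candidate = text.strip()
    for kind, pattern in WALLET_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return kind
    return None

def find_swaps(snapshots, max_gap=2.0):
    """Flag wallet -> different wallet replacements of the same family that
    occur within max_gap seconds, too fast for a second manual copy.

    snapshots: list of (seconds, clipboard_text) tuples in time order.
    """
    alerts = []
    for (t_prev, prev), (t_cur, cur) in zip(snapshots, snapshots[1:]):
        kind = wallet_kind(prev)
        if kind is None or wallet_kind(cur) != kind:
            continue  # not a same-family wallet-to-wallet change
        if prev.strip() != cur.strip() and (t_cur - t_prev) <= max_gap:
            alerts.append({"at": t_cur, "kind": kind,
                           "copied": prev.strip(), "now": cur.strip()})
    return alerts

# Constructed sample timeline; the addresses are made-up strings that only
# have the right shape and do not belong to any real wallet.
SAMPLE = [
    (0.0, "meeting notes"),
    (5.0, "0x" + "a1" * 20),   # user copies an ETH-shaped address
    (5.3, "0x" + "ff" * 20),   # replaced 0.3 s later by a different one
    (60.0, "1" + "B" * 30),    # BTC-shaped address copied later
    (200.0, "1" + "C" * 30),   # different BTC-shaped address, minutes apart
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

The time-gap heuristic only narrows the signal; comparing the pasted address against the one originally copied before confirming a transfer remains the definitive check.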