Vigilante Malware Stops 'Internet Pirates' from Accessing Pirated Content
Some cybercriminals do it for the money, while others are chasing glory in the underground world of hackers. But there are also some cybercriminals whose motivations are truly surprising. The creators of the so-called 'Vigilante Malware' belong to that last group. Their malicious application was discovered only recently, and it appears to be planted in all sorts of software activators, game cracks, and other pirated content hosted on sites related to online piracy. But what does the malware do? Well, the surprising fact is that it does not cause major damage, nor does it attempt to extort the victim for money or information – instead, it focuses on preventing the 'victim' from using pirated content.
Vigilante Malware Causes No Harm - It Only Blocks Piracy Websites
The Vigilante Malware appears to be the product of an amateur developer, but while their code might be lacking in quality, they are certainly doing a great job when it comes to distribution. Executables and archives laced with the Vigilante Malware have been spotted on various torrent sites, piracy sites, and even forums or Discord servers dedicated to piracy. Once the Vigilante Malware is launched, it will make just one change to the compromised system – it will modify the Windows HOSTS file.
The HOSTS file is, simply put, a quick way for Windows to map specific hostnames (domains) to IP addresses. Modifying it is an easy way to ensure that the computer's Internet connection will point users to a particular address when they try to access a specific URL. An example of how the HOSTS file works can be found in our post How to Block Specific Domains in Your Hosts File. The Vigilante Malware populates this file with over a thousand new lines, which will redirect the user to 127.0.0.1 whenever they try to visit some of the most popular piracy-related sites. 127.0.0.1 is the computer's local address, and typically there is no website to be found there.
The Vigilante Malware does not try to gain persistence, nor does it perform any other tasks once its job has been done. If you have fallen victim to the Vigilante Malware, then this means that you should probably stay away from pirated content, and you should also take extra measures to protect your computer. As for fixing the 'issues' that Vigilante Malware causes, you should run an anti-malware scanner to eliminate the threat and then manually edit the HOSTS file found at System32\drivers\etc\hosts to remove the lines the malware added.
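
The manual cleanup described above can be preceded by an audit of the file. The following is an added example, not part of the original article or of any vendor tool: it parses hosts-file text, reports every non-local hostname mapped to a sinkhole address, and produces a cleaned copy. It goes slightly beyond the 127.0.0.1 case by also treating ::1 and 0.0.0.0 as sinkhole addresses; the `LOCAL_NAMES` set and the `.example` hostnames in the sample are assumptions made for illustration.

```python
import ipaddress

# Names that legitimately point at the local machine (assumption: extend as needed).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample; the .example hostnames are placeholders, not real entries.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
192.0.2.10      intranet.example
127.0.0.1 blocked-site-one.example
127.0.0.1\tblocked-site-two.example www.blocked-site-two.example  # injected
0.0.0.0 Localhost blocked-site-three.example
"""

def is_sinkhole(addr):
    """True for loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::) addresses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed address: leave the line for manual review
    return ip.is_loopback or ip.is_unspecified

def audit_hosts(text):
    """Return (flagged, cleaned). flagged lists (line_no, address, hostname) for
    every non-local name mapped to a sinkhole address; cleaned is the file text
    with those names removed and all other lines preserved as written."""
    flagged, kept = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body, sep, comment = raw.partition("#")
        fields = body.split()
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            kept.append(raw)  # blank, comment-only, or an ordinary mapping
            continue
        addr, names = fields[0], fields[1:]
        bad = [n for n in names if n.lower() not in LOCAL_NAMES]
        if not bad:
            kept.append(raw)  # e.g. "127.0.0.1 localhost"
            continue
        flagged += [(line_no, addr, n) for n in bad]
        good = [n for n in names if n.lower() in LOCAL_NAMES]
        if good:  # keep legitimate names that shared the line
            kept.append(" ".join([addr] + good) + (" #" + comment if sep else ""))
    return flagged, "\n".join(kept) + "\n"

if __name__ == "__main__":
    for line_no, addr, name in audit_hosts(SAMPLE_HOSTS)[0]:
        print(f"line {line_no}: {name} -> {addr}")
```

Review the flagged list before writing the cleaned text back, since sinkhole entries added on purpose (for example, an ad-blocking list) are flagged the same way.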