Hacked Software Hunters May Be Victims of FakeCrack Malware Campaign

Written by Carina Wilson

Avast has discovered a new malware campaign called FakeCrack that is targeting freeware enthusiasts.

During the operation, the attackers distribute malware that steals passwords, bank card data, and cryptocurrency wallets from users.

When you download hacked malware, be aware that attackers can take everything you have on your computer and you will end up losing your sensitive personal data. This is how the recently launched FakeCrack campaign works, luring users into downloading fake cracked software. The attackers behind this campaign are using a vast infrastructure to deliver malware and steal personal and other sensitive data, including crypto assets.Avast experts warn.

The malware spreads rather unusually – it is offered through search results to users looking for a pirated version of the CCleaner Pro utility.

Let me remind you that we also talked about the fact that Operators of the Clipminer Botnet “Earned” More Than $1.7 Million.

According to experts, they record an average of 10,000 infection attempts daily, mainly in Brazil, France, Indonesia and India.

With the help of malicious SEO techniques, attackers push their malware sites to the top of the Google search results in order to deceive as many people as possible.

All these sites are placed in the highest positions in search engine results. The vast majority of the results on the first page lead to compromised crack sites, and users end up downloading malware instead of the crack. This technique is known as the Black SEO mechanism exploiting search engine indexing techniques.the researchers write.

The infected search results guide the victim through several sites, eventually ending up on a landing page offering to download a ZIP archive. As a rule, the landing page is hosted on legitimate hosting like filesend.jp and mediafire.com.

FakeCrack malware campaign
Landing page

The file contained in the ZIP archive is usually called setup.exe or cracksetup.exe, but experts have identified eight different executable files in this campaign.

Malicious software not only steals passwords and bank card data from users, but also monitors the contents of the clipboard for the presence of copied cryptocurrency wallet addresses and replaces them with scammers’ cryptocurrency addresses. The clipboard sniffing feature supports Bitcoin, Ethereum, Cardano, Terra, Nano, Ronin, and Bitcoin Cash cryptocurrency addresses.

The malware also uses proxies to steal user credentials from cryptocurrency exchanges using a man-in-the-middle attack.

About the author

Carina Wilson

With over 10 years' experience of writing for online and print media, I'm an expert in delivering clear and compelling copy.

I've written for a leading SEO copywriting agency as well as writing for some of the UK’s best known brands, magazines and newspapers.

Leave a Comment