Malware in pirate office suites steals data and cryptocurrency

Attackers use compromised image-editing tools and office software suites to access devices, breach cryptocurrency wallets, and steal information via the Tor network, according to Bitdefender researchers.

Find out how popular cracks lead to digital currency and data theft.

— Bitdefender (@Bitdefender) April 13, 2021

The malware spreads via pirated versions of popular applications. After installation on a device, it installs tools to exfiltrate data and to proxy via Tor.

Together they form a “powerful backdoor” that exchanges data with its C&C server via Tor.

According to Bitdefender, the backdoor is more often used in interactive mode by a human operator rather than sending automated requests to victims.

With it, hackers can steal files and Firefox profile data—including history, credentials, and cookies—use BitTorrent clients to steal information, and also steal Monero cryptocurrency from wallets.

The victims are most often residents of the United States and India. The malware has been spreading for around three years, the researchers said.

Last year, an unknown hacker group used the Tor network to attack users of cryptocurrency sites.

Read ForkLog’s Bitcoin news on our Telegram — cryptocurrency news, rates and analytics.