
Reports Warn of Pirated Windows 10 ISOs Containing Dangerous Malware

T0@st

News Editor
Staff member
Joined
Mar 7, 2023
Messages
2,077 (4.75/day)
Location
South East, UK
According to a report published by Bleeping Computer last week and research conducted by the Doctor Web team, nefarious online organizations are distributing Windows 10 ISO files laced with extremely dangerous clipper malware variants. Microsoft ceased direct sales of licenses for its last gen operating system earlier this year, and a select bunch of folks are resorting to grabbing copies (for free) from pirate sources. The Doctor Web alert states: "(we) discovered a malicious clipper program in a number of unofficial Windows 10 builds that cybercriminals have been distributing via a torrent tracker. Dubbed Trojan.Clipper.231, this trojan app substitutes crypto wallet addresses in the clipboard with addresses provided by attackers. As of this moment, malicious actors have managed to steal cryptocurrency in an amount equivalent to about $19,000 (USD)."

It continues: "At the end of May 2023, a customer contacted Doctor Web with their suspicion that their Windows 10 computer was infected. The analysis our specialists carried out confirmed the presence of trojan applications in the system. These were Trojan.Clipper.231 stealer malware as well as the Trojan.MulDrop22.7578 dropper and Trojan.Inject4.57873 injector, which were used to launch the clipper. Doctor Web's virus laboratory successfully localized all these threats and neutralized them." It seems that hackers are hiding cryptocurrency hijackers within Extensible Firmware Interface (EFI) partitions, thus evading detection by antivirus software.





New Windows 10 licenses are still available to purchase from third-party retailers, and Microsoft does officially distribute W10 ISOs for existing customers—so it is odd that some system builders are relying on nefarious sources to "acquire" operating systems. TPU recommends using the official Windows 10 installation media tool, or a direct download of an ISO via non-Windows browser user agents—Bleeping Computer has detailed the methodology of mimicking a smartphone or tablet browser session here.

Doctor Web listed the following Windows builds as infected sources, but they anticipate that even more examples exist on torrents and other illegal distribution sites:
  • Windows 10 Pro 22H2 19045.2728 + Office 2021 x64 by BoJlIIIebnik RU.iso
  • Windows 10 Pro 22H2 19045.2846 + Office 2021 x64 by BoJlIIIebnik RU.iso
  • Windows 10 Pro 22H2 19045.2846 x64 by BoJlIIIebnik RU.iso
  • Windows 10 Pro 22H2 19045.2913 + Office 2021 x64 by BoJlIIIebnik [RU, EN].iso
  • Windows 10 Pro 22H2 19045.2913 x64 by BoJlIIIebnik [RU, EN].iso

View at TechPowerUp Main Site | Source
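
The clipboard substitution described in the post above, turned into detection logic (an added example, not part of the original post or Doctor Web's tooling): it flags a clipboard value that looks like a wallet address being replaced by a different address of the same family within a short window. The address patterns, the 2-second window, the function names and the sample events are assumptions constructed for illustration.

```python
import re

# Address shapes only (no checksum validation); an assumption for this sketch.
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}
SWAP_WINDOW_SECONDS = 2.0  # assumed: users rarely copy two addresses this fast


def classify(text):
    """Return the address family the clipboard text matches, or None."""
    candidate = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return family
    return None


def find_suspected_swaps(events, window=SWAP_WINDOW_SECONDS):
    """events: (timestamp_seconds, clipboard_text) tuples in time order."""
    findings = []
    previous = None  # (timestamp, text, family) of the last observation
    for timestamp, text in events:
        family = classify(text)
        if previous is not None:
            prev_ts, prev_text, prev_family = previous
            # Same address family, different value, changed almost immediately.
            if (family is not None and family == prev_family
                    and text.strip() != prev_text.strip()
                    and timestamp - prev_ts <= window):
                findings.append({"at": timestamp, "family": family,
                                 "copied": prev_text.strip(),
                                 "now": text.strip()})
        previous = (timestamp, text, family)
    return findings


# Constructed sample observations; the addresses are made-up strings.
SAMPLE_EVENTS = [
    (100.0, "meeting notes"),
    (130.0, "0x" + "a1" * 20),   # user copies an address
    (130.4, "0x" + "9f" * 20),   # replaced 0.4 s later: flagged
    (300.0, "1" + "B" * 30),
    (420.0, "1" + "C" * 30),     # two minutes later: ordinary second copy
]
```
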
 

FreedomEclipse

~Technological Technocrat~
Joined
Apr 20, 2007
Messages
23,412 (3.75/day)
Location
London,UK
System Name Codename: Icarus Mk.VI
Processor Intel 8600k@Stock -- pending tuning
Motherboard Asus ROG Strixx Z370-F
Cooling CPU: BeQuiet! Dark Rock Pro 4 {1xCorsair ML120 Pro|5xML140 Pro}
Memory 32GB XPG Gammix D10 {2x16GB}
Video Card(s) ASUS Dual Radeon™ RX 6700 XT OC Edition
Storage Samsung 970 Evo 512GB SSD (Boot)|WD SN770 (Gaming)|2x 3TB Toshiba DT01ACA300|2x 2TB Crucial BX500
Display(s) LG GP850-B
Case Corsair 760T (White)
Audio Device(s) Yamaha RX-V573|Speakers: JBL Control One|Auna 300-CN|Wharfedale Diamond SW150
Power Supply Corsair AX760
Mouse Logitech G900
Keyboard Duckyshine Dead LED(s) III
Software Windows 10 Pro
Benchmark Scores (ノಠ益ಠ)ノ彡┻━┻
Man... I gave up with pirated copies of Windows when I found out I could buy legit grey market Windows keys for very very little money and the best part of grey market keys is Microsoft doesn't even care if you bought it for the price of a chicken dinner and one or two beers. People who buy the keys for their own system builds aren't their bread and butter. They are still making money off you regardless by selling your data :laugh:

 

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
25,967 (3.79/day)
Location
Alabama
System Name Rocinante
Processor I9 14900KS
Motherboard MSI MPG Z790I Edge WiFi Gaming
Cooling be quiet! Pure Loop 240mm
Memory 64GB Gskill Trident Z5 DDR5 6000 @6400
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 500GB 980 Pro | 1x 1TB 980 Pro | 1x 8TB Corsair MP400
Display(s) Odyssey OLED G9 (G95SC)
Case LANCOOL 205M MESH Snow
Audio Device(s) Moondrop S8's on Schiit Hel 2e
Power Supply ASUS ROG Loki SFX-L 1000W
Mouse Lamzu Atlantis mini (White)
Keyboard Monsgeek M3 Lavender, Akko Crystal Blues
VR HMD Quest 3
Software Windows 11
Benchmark Scores I dont have time for that.
nefarious online organizations are distributing Windows 10 ISO files laced with extremely dangerous clipper malware variants
Lol they have been doing that for years. It boggles my mind that people don’t expect it.
 
Joined
Jul 5, 2013
Messages
25,616 (6.45/day)
Man... I gave up with pirated copies of Windows when I found out I could buy legit grey market Windows keys for very very little money and the best part of grey market keys is Microsoft doesn't even care if you bought it for the price of a chicken dinner and one or two beers. People who buy the keys for their own system builds aren't their bread and butter. They are still making money off you regardless by selling your data :laugh:

The point of custom ISOs isn't the "free" aspect but rather the customized experiences that people want to use but don't know how to do for themselves. Piracy isn't really a problem in this situation but rather the makers of the bad ISO taking advantage of users wanting a better experience than that which Microsoft has to offer.

In this situation, Microsoft's own shenanigans are partly to blame. If they didn't include so much crap with Windows and weren't such goose-steppers where certain configurations were concerned, the custom ISO community wouldn't exist the way it does currently because the need would not exist.

Lol they have been doing that for years. It boggles my mind that people don’t expect it.
That's because it's not as common as one might expect. Most customized Windows ISOs are safe because the groups that make them have a reputation to protect. There are always bad actors though..

EDIT: @Solaris17 You can laugh, but it's one of my job duties to regularly check for this kind of thing and write reports detailing the findings. This is one of the reasons I'm so ultra-cautious about system security and why I DON'T trust Microsoft to keep things "safe". Their definition and brand of "safe" is usually anything but fully secure.
 

Keullo-e

S.T.A.R.S.
Joined
Dec 16, 2012
Messages
11,184 (2.68/day)
Location
Finland
System Name 4K-gaming
Processor AMD Ryzen 7 5800X
Motherboard Gigabyte B550M Aorus Elite
Cooling Eisbaer 240 + 140, EK Vector TUF
Memory 32GB Kingston HyperX Fury @ DDR4-3466
Video Card(s) Asus TUF RTX 3080 10GB OC
Storage ~4TB SSD + 6TB HDD
Display(s) Acer XV273K 4K120 + Lenovo L32p-30 4K60
Case Corsair 4000D Airflow White
Audio Device(s) Asus TUF H3 Wireless
Power Supply EVGA Supernova G2 750W
Mouse Logitech MX518 + Asus TUF P1 mousepad
Keyboard Roccat Vulcan 121 AIMO
VR HMD Oculus Rift CV1
Software Windows 11 Pro
Benchmark Scores It runs Crysis remastered at 4K
Just wondering who uses those when you can get a legit .iso from MS itself?
 
Joined
Jul 5, 2013
Messages
25,616 (6.45/day)
Note that "other" follows "torrent."
Exactly. The way that statement is written directly implies that torrents are illegal, which is incorrect.

Just wondering who uses those when you can get a legit .iso from MS itself?
In the case of the article subject ISOs, mostly Russians as Microsoft has put strict limitations on downloads from within Russia and its ally nations.
 

Keullo-e

S.T.A.R.S.
Joined
Dec 16, 2012
Messages
11,184 (2.68/day)
Location
Finland
In the case of the article subject ISOs, mostly Russians as Microsoft has put strict limitations on downloads from within Russia and its ally nations.
Ah, good point there. Yet still weird if there isn't a way (at least an easy one) to get a legit iso for them.
 

T0@st

News Editor
Staff member
Joined
Mar 7, 2023
Messages
2,077 (4.75/day)
Location
South East, UK
Exactly. The way that statement is written directly implies that torrents are illegal, which is incorrect.
It is a grey area, given that certain ISPs and governments have blocked access to torrent listings and program functionality.
 
Joined
Jul 5, 2013
Messages
25,616 (6.45/day)
Ah, good point there. Yet still weird if there isn't a way (at least an easy one) to get a legit iso for them.
One would think Microsoft would make a choice that is logical and reasonable, but alas...

It is a grey area, given that certain ISPs and governments have blocked access to torrent listings and program functionality.
In some places, maybe, but not everywhere and not most places. Regardless, it's still poorly worded/stated.
 
Joined
Mar 10, 2010
Messages
11,878 (2.29/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II
Processor Amd R5 5900X/ Intel 8750H
Motherboard Crosshair hero8 impact/Asus
Cooling 360EK extreme rad+ 360$EK slim all push, cpu ek suprim Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 16Gb in four sticks./16Gb/16GB
Video Card(s) Powercolour RX7900XT Reference/Rtx 2060
Storage Silicon power 2TB nvme/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd/1Tb nvme
Display(s) Samsung UAE28"850R 4k freesync.dell shiter
Case Lianli 011 dynamic/strix scar2
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi/Asus stock
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Aimo 120
VR HMD Oculus rift
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
It is a grey area, given that certain ISPs and governments have blocked access to torrent listings and program functionality.
Certain countries block access to TikTok; does that make it a grey area? (I'd ban it worldwide tbf)

Torrents do often involve illegality but it's not exclusive and some use them legitimately.

The same could be said of the whole internet really, it's a path to evil ban it.

I too don't think you should be spouting a few governments' party line (torrent bad)

It's the stupidest bit of news I've seen today given the security environment present, wtaf expects safe and sound OS, IF you're dodging paying.
I get custom ISOs but a legit key can make them legit and possibly safe, but again no guarantee, and too risky for me.
 
Joined
Dec 26, 2006
Messages
3,564 (0.56/day)
Location
Northern Ontario Canada
Processor Ryzen 5700x
Motherboard Gigabyte X570S Aero G R1.1 BiosF5g
Cooling Noctua NH-C12P SE14 w/ NF-A15 HS-PWM Fan 1500rpm
Memory Micron DDR4-3200 2x32GB D.S. D.R. (CT2K32G4DFD832A)
Video Card(s) AMD RX 6800 - Asus Tuf
Storage Kingston KC3000 1TB & 2TB & 4TB Corsair LPX
Display(s) LG 27UL550-W (27" 4k)
Case Be Quiet Pure Base 600 (no window)
Audio Device(s) Realtek ALC1220-VB
Power Supply SuperFlower Leadex V Gold Pro 850W ATX Ver2.52
Mouse Mionix Naos Pro
Keyboard Corsair Strafe with browns
Software W10 22H2 Pro x64
Windows……the OS that ‘keeps an eye on you’
 
Joined
May 19, 2009
Messages
1,827 (0.33/day)
Location
Latvia
System Name Personal \\ Work - HP EliteBook 840 G6
Processor 7700X \\ i7-8565U
Motherboard Asrock X670E PG Lightning
Cooling Noctua DH-15
Memory G.SKILL Trident Z5 RGB Black 32GB 6000MHz CL36 \\ 16GB DDR4-2400
Video Card(s) ASUS RoG Strix 1070 Ti \\ Intel UHD Graphics 620
Storage 2x KC3000 2TB, Samsung 970 EVO 512GB \\ OEM 256GB NVMe SSD
Display(s) BenQ XL2411Z \\ FullHD + 2x HP Z24i external screens via docking station
Case Fractal Design Define Arc Midi R2 with window
Audio Device(s) Realtek ALC1150 with Logitech Z533
Power Supply Corsair AX860i
Mouse Logitech G502
Keyboard Corsair K55 RGB PRO
Software Windows 11 \\ Windows 10
In case anyone here has trouble understanding what "BoJlIIIebnik" means - magician/wizard.

Ahhh, reminds me of the good times of stuff like "Windows XP BLACK EDITION" . :laugh:
 
Joined
Mar 9, 2021
Messages
306 (0.26/day)
System Name Back in Black
Processor Ryzen 5 3600
Motherboard MSI B450 Tomahawk
Cooling ID-Cooling SE-224-XT Black
Memory Corsair Vengeance LPX 16GB (2x8) 3000mhz C15
Video Card(s) Asus Rog Strix GTX 1070 TI Advanced Edition
Storage Crucial MX500 500GB / Solidigm P41 Plus 1TB
Display(s) Samsung 32" TV 1080p
Case Montech Air X Black
Power Supply Thermaltake Toughpower GF1 750W Gold
Mouse Redragon M711 Cobra
Keyboard Corsair K55
Note that "other" follows "torrent."
Understandable, but if you say "John and other students", it implies John is a student as well.

In this case, the correct use would be "torrents and illegal distribution sites".
 
Joined
Jan 18, 2020
Messages
691 (0.44/day)
An OEM key is so cheap, I don't understand the need to get a pirated Iso these days;

**And no, OEM keys are not illegal!

Cheaper than $0 ?

We've always got Linux as well for $0, value.

Frankly Windows has been getting worse for about 15 years and the sooner we get mass adoption of an alternative, like Android for desktop or similar friendly Linux based OS, the better the world of computing will be. In fact, I'd say Microsoft hasn't produced a decent product generally for a similar time frame.

All they've done is made worse versions of existing software and gone SAAS, cloud, Azure, 365, Windows 10/11, and charge for them monthly, more $ for worse products.
 
Joined
Oct 6, 2021
Messages
1,481 (1.55/day)
Cheaper than $0 ?

We've always got Linux as well for $0, value.

Frankly Windows has been getting worse for about 15 years and the sooner we get mass adoption of an alternative, like Android for desktop or similar friendly Linux based OS, the better the world of computing will be. In fact, I'd say Microsoft hasn't produced a decent product generally for a similar time frame.

All they've done is made worse versions of existing software and gone SAAS, cloud, Azure, 365, Windows 10/11, and charge for them monthly, more $ for worse products.
I completely understand the criticism, I agree that after Windows 7 it got worse and worse, full of unnecessary software and excessive telemetry.

But no, Linux is not an alternative to Windows for most people, neither in practicality of use nor in terms of compatibility. People have less time every day and I'm sorry but when I get my PC I just want things to work.
 
Joined
May 19, 2009
Messages
1,827 (0.33/day)
Location
Latvia
Which one? There were a bunch! The version that became "Integral Edition" was perfectly clean(safe) and was very well done.
Short answer is "Yes", or all of them. Was hard to choose when I was little and download speeds were... not great.
 