Monday, June 19th 2023

Reports Warn of Pirated Windows 10 ISOs Containing Dangerous Malware

According to a report published by Bleeping Computer last week, based on research by the Doctor Web team, criminal groups are distributing Windows 10 ISO files laced with clipper malware, a class of trojan that silently rewrites cryptocurrency wallet addresses held in the clipboard so that funds end up in an attacker-controlled wallet. Microsoft stopped selling licenses for its previous-generation operating system directly earlier this year, and some users are resorting to grabbing copies for free from pirate sources. The Doctor Web alert states: "(we) discovered a malicious clipper program in a number of unofficial Windows 10 builds that cybercriminals have been distributing via a torrent tracker. Dubbed Trojan.Clipper.231, this trojan app substitutes crypto wallet addresses in the clipboard with addresses provided by attackers. As of this moment, malicious actors have managed to steal cryptocurrency in an amount equivalent to about $19,000 (USD)."

It continues: "At the end of May 2023, a customer contacted Doctor Web with their suspicion that their Windows 10 computer was infected. The analysis our specialists carried out confirmed the presence of trojan applications in the system. These were Trojan.Clipper.231 stealer malware as well as the Trojan.MulDrop22.7578 dropper and Trojan.Inject4.57873 injector, which were used to launch the clipper. Doctor Web's virus laboratory successfully localized all these threats and neutralized them." Doctor Web's analysis also found the malicious components stashed in the EFI (Extensible Firmware Interface) system partition, a location antivirus software does not normally scan, which is how the clipper evaded detection.
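To make the clipper technique concrete, here is an added example that is not code from Doctor Web, Bleeping Computer or TechPowerUp and does not model the EFI-partition hiding described above. It simulates what a clipper does to clipboard contents (match a wallet-address pattern, replace it with the attacker's address) and shows one heuristic a host monitor polling the clipboard could use to spot it: an address replaced by a different address of the same chain within a second or two, with the surrounding text untouched. The address patterns are simplified, and every wallet value and clipboard event below is a constructed placeholder, not a real wallet or observed traffic.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Simplified address patterns (assumption for the demo; real clippers carry
# many more and need no checksum validation, a plausible-looking match is enough).
ADDRESS_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "btc_legacy": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    "btc_bech32": re.compile(r"\bbc1[ac-hj-np-z02-9]{11,71}\b"),
    "eth": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
}

# Constructed placeholder wallets (not real addresses).
VICTIM_WALLETS = {"btc_legacy": "1" + "B" * 33, "btc_bech32": "bc1q" + "p" * 38, "eth": "0x" + "b" * 40}
ATTACKER_WALLETS = {"btc_legacy": "1" + "A" * 33, "btc_bech32": "bc1q" + "z" * 38, "eth": "0x" + "a" * 40}


def extract_addresses(text: str) -> Dict[str, List[str]]:
    """Return every address-looking token in the text, grouped by chain."""
    return {kind: pat.findall(text) for kind, pat in ADDRESS_PATTERNS.items() if pat.search(text)}


def strip_addresses(text: str) -> str:
    """Replace every address with a marker so two texts can be compared ignoring addresses."""
    for pat in ADDRESS_PATTERNS.values():
        text = pat.sub("<addr>", text)
    return text


def clipper_substitute(clip_text: str, attacker_wallets: Dict[str, str]) -> Tuple[str, List[str]]:
    """What the trojan does on each clipboard update: swap any recognised
    address for the attacker's address of the same chain, leaving the rest
    of the text intact so the victim notices nothing when pasting."""
    out, swapped = clip_text, []
    for kind, pat in ADDRESS_PATTERNS.items():
        if kind in attacker_wallets and pat.search(out):
            out = pat.sub(attacker_wallets[kind], out)
            swapped.append(kind)
    return out, swapped


@dataclass
class ClipEvent:
    t: float      # seconds since monitor start
    text: str     # clipboard contents observed at that time


def detect_substitutions(events: List[ClipEvent], window: float = 2.0) -> List[Tuple[float, str, str, str]]:
    """Flag consecutive clipboard snapshots where the only change is that an
    address of one chain became a different address of the same chain within
    `window` seconds. Users rarely copy two distinct wallets back to back that
    fast; a clipper rewrites almost immediately. Returns (time, chain, before, after)."""
    findings = []
    for prev, cur in zip(events, events[1:]):
        if cur.t - prev.t > window:
            continue
        if strip_addresses(prev.text) != strip_addresses(cur.text):
            continue  # the user copied something else entirely
        before, after = extract_addresses(prev.text), extract_addresses(cur.text)
        for kind in before:
            if kind in after and before[kind] != after[kind]:
                findings.append((cur.t, kind, before[kind][0], after[kind][0]))
    return findings


def demo_events() -> List[ClipEvent]:
    """Constructed clipboard timeline: two clipper rewrites plus benign activity."""
    msg = "send the funds to " + VICTIM_WALLETS["eth"] + " thanks"
    return [
        ClipEvent(10.0, VICTIM_WALLETS["btc_legacy"]),                                   # user copies a BTC address
        ClipEvent(10.3, clipper_substitute(VICTIM_WALLETS["btc_legacy"], ATTACKER_WALLETS)[0]),  # clipper rewrites it
        ClipEvent(40.0, msg),                                                            # user copies a whole message
        ClipEvent(40.2, clipper_substitute(msg, ATTACKER_WALLETS)[0]),                   # only the address changes
        ClipEvent(60.0, "meeting moved to 3pm"),                                         # unrelated text
        ClipEvent(80.0, VICTIM_WALLETS["btc_bech32"]),                                   # legitimate address
        ClipEvent(95.0, "bc1q" + "x" * 38),                                              # another one, 15 s later: benign
    ]


def demo_findings() -> List[Tuple[float, str, str, str]]:
    return detect_substitutions(demo_events())


if __name__ == "__main__":
    for t, kind, before, after in demo_findings():
        print(f"t={t:5.1f}s  {kind}: {before} -> {after}")
```

The heuristic is deliberately narrow: it only fires on a same-chain address-to-address change inside the window, so ordinary copy-paste of unrelated text never trips it. The complementary user-side check is the one clippers rely on people skipping: compare the pasted address, character by character, with the one shown in the wallet before confirming a transfer.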

New Windows 10 licenses are still available from third-party retailers, and Microsoft still officially distributes Windows 10 ISOs to existing customers, so there is no good reason for system builders to "acquire" the operating system from such sources. TPU recommends using the official Windows 10 Media Creation Tool, or downloading the ISO directly from Microsoft's site by presenting a non-Windows browser user agent; Bleeping Computer has detailed how to mimic a smartphone or tablet browser session here. Whichever route you take, compare the downloaded ISO's SHA-256 hash against the value Microsoft publishes on the download page before writing it to installation media.

Doctor Web shared the following list of Windows builds as confirmed infected sources, but anticipates that more exist on torrents and other illegal distribution sites: