This Malware is Blocking People From Accessing Piracy Websites

The malware also happens to spread through popular torrent platforms and its files resemble popular games like Left 4 Dead.

APKPure Trojan
Image: Security Intelligence

A new malware found by cybersecurity firm Sophos may be the strangest one that we’ve seen so far. While malware makers are usually pretty friendly with those who pirate content, this new malware actually stops users from accessing websites linked to piracy, including ThePirateBay. According to Sophos, the malware resembles another one seen over a decade ago, and is pretty easy to deal with, even manually. The hackers are also using popular tools like Discord and Bittorrent to spread the malware amongst users, and its files resemble games like Valve’s Left 4 Dead and Microsoft’s Minecraft.

“Instead of seeking to steal passwords or to extort a computer’s owner for ransom, this malware blocks infected users’ computers from being able to visit a large number of websites dedicated to software piracy by modifying the HOSTS file on the infected system,” Sophos said in a blog post. “Modifying the HOSTS file is a crude but effective method to prevent a computer from being able to reach a web address. It’s crude because, while it works, the malware has no persistence mechanism. Anyone can remove the entries after they’ve been added to the HOSTS file, and they stay removed (unless you run the program a second time),” the company added.

Further, Sophos said that it has already added the malware to its own directories, which means end-point detection tools from the company will catch the malware automatically. However, users can fix it manually by changing the HOSTS file too. “Users who have inadvertently run one of these files can clean up their HOSTS file manually, by running a copy of Notepad elevated (as administrator), and modifying the file at c:\Windows\System32\Drivers\etc\hosts to remove all the lines that begin with “127.0.0.1” and reference the various ThePirateBay (and other) sites,” the company added in the blog post.

Now that Sophos has reported the malware publicly though, it’s likely that most anti-virus makers will update their shared databases as well. It’s probably a matter of time before all tools start blocking it, but for the time being, it would be prudent to ensure that torrents and other files you download from the Internet are dependable.

Thanks for reading till the end of this article. For more such informative and exclusive tech content, like our Facebook page