Hackers target Microsoft Office and Adobe Photoshop software ‘cracks’
Office and Photoshop cracks pack security flaw
‘Cracks’, small programs that allow consumers to use commercial software without paying for the license, are still popular among businesses and individuals despite security risks, experts have warned.
A report from cybersecurity firm Bitdefender highlighted cracks for Microsoft Office and Photoshop CC, and besides the obvious legal implications, users are risking ceding full control over their devices to hackers and criminals.
Bitdefender has spotted a campaign in which the crack deploys the ncat.exe malware on the device, together with the TOR proxy. Ncat can be installed on the device under one of these names:
%syswow64%\nap.exe
%syswow64%\ndc.exe
The TOR proxy can be dropped under %syswow64%\tarsrv.exe.
Bitdefender also spotted the %syswow64%\chknap.bat batch file for nap.exe, as well as %syswow64%\nddcf.cmd for ndc.exe, holding the command line for the Ncat component. That component will then move through ports 8000-9000 on the .onion domain.
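The file names and batch launchers described above are the observable traces a defender can hunt for. The following Python script is an added example, not code from the article or from Bitdefender: it takes a directory listing (constructed inline here; in practice it would come from the host under review), flags the file names the report attributes to the dropper when they sit under SysWOW64, and inspects the batch-file content for an Ncat command line pointing at a .onion address on a port in the 8000-9000 range. The sample listing, the batch text and the onion host name are constructed for the demonstration.

```python
"""Indicator check for the crack campaign described in the Bitdefender report.

Added example, not from the article or from Bitdefender. All sample data
below is constructed for the demonstration.
"""
import re
from pathlib import PureWindowsPath

# File names the report attributes to the dropper; all live under %syswow64%.
DROPPED_FILES = {
    "nap.exe": "Ncat (renamed)",
    "ndc.exe": "Ncat (renamed)",
    "tarsrv.exe": "TOR proxy",
    "chknap.bat": "launcher batch for nap.exe",
    "nddcf.cmd": "launcher batch for ndc.exe",
}

# A .onion host (v2: 16 chars, v3: 56 chars, base32) followed by a port number.
ONION_CMD = re.compile(r"([a-z2-7]{16,56}\.onion)\D+?(\d{1,5})\b", re.IGNORECASE)

# Port range the report says the Ncat component cycles through.
PORT_RANGE = range(8000, 9001)


def is_syswow64(path):
    """True if any directory component of a Windows path is SysWOW64."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return "syswow64" in parts


def find_dropped_files(listing):
    """Return (path, description) for every listing entry matching an indicator.

    A matching name outside SysWOW64 is not flagged: the report ties the
    indicators to that directory, and the bare names are generic.
    """
    hits = []
    for path in listing:
        name = PureWindowsPath(path).name.lower()
        if name in DROPPED_FILES and is_syswow64(path):
            hits.append((path, DROPPED_FILES[name]))
    return hits


def onion_endpoints(batch_text):
    """Return (host, port) pairs from a batch file whose port is in 8000-9000."""
    found = []
    for host, port in ONION_CMD.findall(batch_text):
        if int(port) in PORT_RANGE:
            found.append((host.lower(), int(port)))
    return found


# Constructed directory listing: three indicators present, one decoy outside
# SysWOW64, one unrelated system binary.
SAMPLE_LISTING = [
    r"C:\Windows\SysWOW64\nap.exe",
    r"C:\Windows\SysWOW64\chknap.bat",
    r"C:\Windows\SysWOW64\tarsrv.exe",
    r"C:\Windows\System32\notepad.exe",
    r"C:\Users\alice\Downloads\nap.exe",  # same name, wrong directory: not flagged
]

# Constructed stand-in for chknap.bat; the onion host is a placeholder.
SAMPLE_BATCH = (
    "@echo off\r\n"
    "nap.exe --proxy 127.0.0.1:9050 --proxy-type socks5 "
    "exampleonionaddressxx.onion 8443\r\n"
)


def report(listing, batch_text):
    """Combine both checks into one verdict for a host."""
    files = find_dropped_files(listing)
    endpoints = onion_endpoints(batch_text)
    return {"files": files, "endpoints": endpoints,
            "suspicious": bool(files) or bool(endpoints)}


if __name__ == "__main__":
    result = report(SAMPLE_LISTING, SAMPLE_BATCH)
    for path, what in result["files"]:
        print(f"dropped file: {path}  ({what})")
    for host, port in result["endpoints"]:
        print(f"onion endpoint in batch: {host}:{port}")
    print("verdict:", "suspicious" if result["suspicious"] else "clean")
```

On a live host the listing would come from enumerating `%SystemRoot%\SysWOW64` and the batch text from reading chknap.bat and nddcf.cmd; the checks are kept as pure functions so they can be run over collected artefacts offline and unit-tested.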
Money-stealing backdoor
Bitdefender claims the result is a “powerful backdoor” that uses the TOR network to communicate with its command and control server. Once established, the backdoor can do all sorts of nasties, including file exfiltration (it uses BitTorrent to exfiltrate data), firewall disabling (in preparation of file exfiltration), or Firefox profile data theft.
By stealing Firefox cookies, Bitdefender explains, attackers can load them onto a different device to completely bypass passwords for various online services, or render 2FA useless.
It can also access the Monero cryptocurrency wallet and steal any tokens it finds there. This, most likely, works for other cryptocurrency wallets as well, given that the list of actions is “non-exhaustive”. “Attackers have complete control of the system,” the researchers explained, “and can adapt campaigns based on their current interests.”
Most instances of the malware were found in the United States, India and Greece, with Canada, France, the UK and Spain being notable mentions. The malware has also been seen in Australia, Latin America, and most of Europe.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.