This band of vigilantes is hitting internet pirates with malware attacks

security threat
(Image credit:

Cybersecurity researchers have chanced upon an “oddball” malware that aims to prevent infected users from visiting websites that host pirated software.

Principal Researcher at Sophos Labs Andrew Brandt says it is one of the “strangest cases” he’s seen in a while.

“Instead of seeking to steal passwords or to extort a computer’s owner for ransom, this malware blocks infected users’ computers from being able to visit a large number of websites dedicated to software piracy,” writes Brandt of the so-called vigilante malware.

Brandt suggests the malware blocks the website using the HOSTS file on the infected system; a method he refers to as “crude but effective.”

Noble intentions

In his breakdown of the malware, Brandt notes that its authors disguise it as cracked versions of popular online games such as Minecraft, as well as productivity tools, security tools, and other popular software. 

The malware is distributed via ThePirateBay, notorious for hosting all sorts of pirated content including software, as well as through the game chat service Discord.

Upon execution it displays a fake error message, while in the background it runs a couple of checks before modifying the HOSTS file.

Sophos put the malware through its paces and it appears it really does nothing sinister except prevent users from accessing online repositories that host pirated software.

Brandt concludes that the malware modifies no other file besides the HOSTS file, which can easily be cleaned using a simple text editor

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.