Principal Researcher at Sophos Labs Andrew Brandt says it is one of the “strangest cases” he’s seen in a while.
“Instead of seeking to steal passwords or to extort a computer’s owner for ransom, this malware blocks infected users’ computers from being able to visit a large number of websites dedicated to software piracy,” writes Brandt of the so-called vigilante malware.
Brandt suggests the malware blocks the websites using the HOSTS file on the infected system, a method he refers to as “crude but effective.”
In his breakdown of the malware, Brandt notes that its authors disguise it as cracked versions of popular online games such as Minecraft, as well as productivity tools, security tools, and other popular software.
The malware is distributed via ThePirateBay, notorious for hosting all sorts of pirated content including software, as well as through the game chat service Discord.
Upon execution, it displays a fake error message, while in the background it runs a couple of checks before modifying the HOSTS file.
Sophos put the malware through its paces and it appears it really does nothing sinister except prevent users from accessing online repositories that host pirated software.
Brandt concludes that the malware modifies no other file besides the HOSTS file, which can easily be cleaned using a simple text editor.
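A HOSTS file can be audited for this kind of blocking before editing it by hand. The Python sketch below is an added example, not code from Sophos or the article; it assumes the blocking entries point hostnames at a loopback or unspecified address (127.0.0.1, ::1, 0.0.0.0), which the article does not specify, and the sample content and `.example` hostnames are constructed.

```python
import ipaddress

LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample; the .example hostnames are placeholders, not real indicators.
SAMPLE = """\
127.0.0.1 localhost
::1 localhost ip6-localhost
192.168.1.10 fileserver.example
127.0.0.1 piracy-site-one.example  # appended entry
0.0.0.0 piracy-site-two.example www.piracy-site-two.example
"""

def parse_line(raw):
    """Return (address, [hostnames]) for a mapping line, else None."""
    fields = raw.split("#", 1)[0].split()      # drop trailing comment
    if len(fields) < 2:
        return None
    try:
        addr = ipaddress.ip_address(fields[0])
    except ValueError:
        return None                            # malformed, not a mapping
    return addr, [h.lower().rstrip(".") for h in fields[1:]]

def blocked(addr, name):
    """True when a non-local name is pointed at loopback or 0.0.0.0 / ::."""
    return (addr.is_loopback or addr.is_unspecified) and name not in LOCAL_NAMES

def find_sinkholed(text):
    """List (line_no, address, hostname) for every blocked hostname."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        parsed = parse_line(raw)
        if parsed:
            addr, names = parsed
            hits += [(no, str(addr), n) for n in names if blocked(addr, n)]
    return hits

def clean_hosts(text):
    """Return the text with blocked hostnames removed, other lines untouched."""
    out = []
    for raw in text.splitlines():
        parsed = parse_line(raw)
        kept = [n for n in parsed[1] if not blocked(*[parsed[0], n])] if parsed else None
        if not parsed or len(kept) == len(parsed[1]):
            out.append(raw)                    # comments, blanks, clean mappings
        elif kept:                             # mixed line: keep the local names
            out.append(f"{parsed[0]} " + " ".join(kept))
    return "\n".join(out) + "\n"
```

Review the output of `find_sinkholed` before applying `clean_hosts`, since deliberate local entries such as development hostnames or ad-blocking lists match the same pattern.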