News

Pirated Windows 10 ISOs Include Hidden Malware

In a classic case of ‘play stupid games win stupid prizes’, it has been found that pirated copies of Windows 10 have been distributed containing malware hidden within the EFI partition.

Pirated Windows Copies Containing Malware

As reported by Bleepingcomputer.com, hackers have distributed Windows 10 using torrents which have hidden cryptocurrency hijackers within them. The malware was hidden within the Extensible Firmware Interface partition (EFI) which is a partition that contains the bootloader and related files before the OS starts and in turn is hidden from most anti-virus programs. The malware was discovered and explained by researchers at drweb.com who found that it does not execute from the EFI but instead uses the partition as a hidden place to store the infected files.

How Does it Work?

The malware consists of three stages starting with Trojan.MulDrop22.7578 which launches via the system Task Scheduler and has the goal of mounting an EFI system partition to the M:\ drive and copy two other malicious components onto it. After it does this it deletes the original trojan from the C:\ drive launches the next stage under trojan.inject4.57873 and unmounts the EFI partition. TrojanInject4.57873 then uses the Process Hollowing technique to inject Trojan.Clipper.231 into the Lsaiso.exe system process taking control. The malware then monitors the clipboard and substitutes crypto wallet addresses copied into it with attacker-provided addresses.

The researchers say that using the EFI partition as a method of malware infiltration is a very rare attack vector and is of great interest to security professionals. The researchers have also estimated that Trojan.Clipper.231 has so far managed to steal 0.73406362 BTC and 0.07964773 ETH which is around $18,976.29 a fairly hefty sum of cash.

I know Windows is expensive but at least with a reliable source, you don’t get hit with one of these.

Jakob Aylesbury

Disqus Comments Loading...

Recent Posts

New Report Suggests Helldivers 2 Xbox Release Unlikely

As one of the most popular online games lately, it’s no surprise that Xbox fans…

5 hours ago

November Xbox Game Pass Games Revealed

We've finally reached the month of November, and that means one thing for Xbox users:…

7 hours ago

PS5 Pro Enhanced Games List Revealed

For those who haven't had it on their radar, this week we take a new…

7 hours ago

MSI Overclocker Pushes Kingston Fury Renegade RAM to Record-Breaking 12,196 MT/s

An overclocker from the MSI team has managed to push the Kingston Fury Renegade CUDIMM…

8 hours ago

NVIDIA Pushes SK Hynix to Accelerate HBM4 Production

It seems that NVIDIA wants to launch its next products ahead of time. We are…

8 hours ago

ASUS Unveils New TUF Gaming A2 SSD Enclosure with Enhanced Durability and Speed

The trend of upgrading storage from traditional hard drives to SSDs has become increasingly popular,…

8 hours ago