Hackers Backdoor Pirated Windows OS With Cryptominer and Xtreme RAT

Xtreme RAT and Cryptominer have been delivered through pirated copies of the Windows operating system (OS) software.

The discovery comes from eSentire's Threat Response Unit (TRU), with the security researchers publishing an advisory about the new threat on Thursday.

"Several malicious Windows services on the system were responsible for modifying system permissions, disabling Windows Defender, and retrieving payloads from [a malicious URL]."

According to eSentire, the behavior of the threat actors was identical to what was described by Minerva Labs in mid–2021.

This included Xtreme RAT gaining persistence on the host by creating new services. Two of them were reportedly called "Registration for device management" and "Previous Versions Library."

"TRU had observed several instances of this threat dating from late 2021 to early 2022," the advisory reads. "In these instances, our ... service was deployed to systems suspected of operating pirated versions of Microsoft's Windows operating system."

In terms of the motives behind these infections, eSentire said they might be financial in nature.

"The backdoored OS contains the necessary tools to monetize infected systems," the company wrote. "Cryptominer, RAT, and adware all provide various means to monetize infected systems through abuse of system resources, fraud, advertisements, etc."

At the same time, eSentire said the infection scheme and malware deployed are not overly sophisticated, hinting at the fact that the threat actors may be focused on poorly secured personal devices that can quietly generate revenue over time.

"Protecting against these threats requires a multi–layered defense approach to defend endpoints from malware and detect or block unauthorized login activity against applications and remote access services," eSentire warned.

To this end, the company recommends that individuals and firms alike always use trusted sources for downloading software and ensure that antivirus signatures are up to date.

A complete list of recommendations is available in eSentire's original advisory. Its publication comes weeks after a Kaspersky report suggested the number of users who faced gaming–related malware and unwanted software has increased sharply over the last year.

What’s Hot on Infosecurity Magazine?