Pirated corporate software infects Russian businesses with info-stealing malware
2024-12-7 00:15:46 Author: therecord.media(查看原文) 阅读量:4 收藏

Russian businesses that use unlicensed corporate software have fallen victim to an ongoing information-stealing campaign, researchers have found.

The cybercriminals behind the campaign, which began in January of this year, have been distributing the well-known info-stealer malware RedLine on local online forums frequented by business owners and accountants. They disguise it as a tool designed to bypass licensing requirements for business automation software.

To evade detection by security vendors, the attackers instruct victims to disable antivirus services on their devices, claiming that the pirated software would not work otherwise, according to a new report by Russian cybersecurity firm Kaspersky.

RedLine is sold as a service for criminals on underground forums. It can exfiltrate sensitive information from browsers and messengers or detailed data about an infected system and its users.

Earlier in October, U.S. authorities identified and charged a Russian national, Maxim Rudometov, with developing and administering RedLine. In November, international law enforcement took down the infrastructure behind the malware, but it appears that the criminals have found another way to use it.

Kaspersky hasn’t attributed this campaign to a particular threat actor and didn’t say if the campaign is financially or politically motivated.

“The attackers behind this campaign are clearly interested in gaining access to organizations of Russian-speaking entrepreneurs who use software to automate business processes,” researchers said.

Abusing pirated software to infect users is a common tactic among cybercriminals, but Russian users are particularly vulnerable to such attacks. Since Moscow's invasion of Ukraine, many Western companies, including tech giants like Microsoft, have suspended their services in Russia and revoked licensing for software already used by Russian businesses.

Kaspersky admitted that disguising malware as a tool to help victims bypass license checks is not uncommon. "However, the fact that they are targeting businesses rather than individual users seems quite unusual," researchers said.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.


文章来源: https://therecord.media/russia-businesses-pirated-corporate-software-redline-infostealer-malware
如有侵权请联系:admin#unsafe.sh