Sveriges mest populära poddar
CyberWire Daily

Malware in pirated Windows installation files. [Research Saturday]

14 min3 juli 2021

Guest Tom Roter from Minera Labs joins Dave to discuss his team research: "Rigging a Windows Installation." It is common knowledge that pirated software might contain malware, yet millions still put themselves and their devices at risk and download from dubious sources. It is even more surprising to see the popularity of torrented operating system installations, which are ranked at the top of most torrent tracker ranking lists. Today we will prove conventional wisdom right and show off a devious, yet clever attack chain employed by an infected Windows 10 image, frequently shared and downloaded by tens of thousands of users.

Over the last year, numerous malicious PowerShell events popped up in our telemetry. The events caught our attention because a payload was being downloaded into the “C:\Windows” directory, which is usually well guarded under NTFS permissions, this implies that the attacker had very high privilege on the compromised system. 

The research can be found here:

Learn more about your ad choices. Visit megaphone.fm/adchoices

CyberWire Daily med N2K Networks finns tillgänglig på flera plattformar. Informationen på denna sida kommer från offentliga podd-flöden.