Cryptocurrency-stealing Trojan found in pirated builds of Windows 10

0
341

The Trojan is spreading through one of the torrent trackers

Doctor Web, a company specializing in cybersecurity, spoke about a trojan in unofficial builds of the Windows 10 operating system.

Windows 10
Windows 10

The Trojan is distributed through one of the torrent trackers. According to Doctor Web, using the Trojan.Clipper.231 stealer, the attackers stole 0.73406362 BTC and 0.07964773 ETH, which is roughly equivalent to $18,976.29, or 1,568,233 rubles.

Cryptocurrency-stealing Trojan found in pirated builds of Windows 10

The Trojan was discovered when Doctor Web was contacted by a client who complained about the infection of a Windows 10 PC. Experts found the Trojan.Clipper.231 stealer in the system, as well as Trojan.MulDrop22.7578 and Trojan.Inject4.57873 that launched it. Doctor Web also found out that the build of Windows 10 was pirated and Trojans were present in it already at the time of downloading from the torrent tracker. Further investigation revealed several such infected Windows builds:

  1. Windows 10 Pro 22H2 19045.2728 + Office 2021 x64 by BoJlIIIebnik EN.iso.
  2. Windows 10 Pro 22H2 19045.2846 + Office 2021 x64 by BoJlIIIebnik EN.iso.
  3. Windows 10 Pro 22H2 19045.2846 x64 by BoJlIIIebnik RU.iso.
  4. Windows 10 Pro 22H2 19045.2913 + Office 2021 x64 by BoJlIIIebnik [RU, EN].iso.
  5. Windows 10 Pro 22H2 19045.2913 x64 by BoJlIIIebnik [RU, EN].iso.

Unlike malware miners that secretly use the computing power of a PC, this virus waits until a cryptocurrency transfer is initiated on the infected device. In Doctor Web, the iXBT.com editors said that Bitcoin and Ethereum became the target of the attackers:

According to our data, at least 500 users have become victims of the stealer, but we do not have complete statistics, there may be many more victims. Friends, we strongly recommend downloading only original ISO images of operating systems and only from trusted sources!