Pirated copies of Windows 10 feature hidden malicious apps designed to steal crypto

A friendly reminder that pirating an operating system like Windows 10 is a dangerous game, especially when it arrives packed with malware.

Voice: Kosta Andreadis

Downloading pirated software, especially an operating system, is not something you should consider, especially in light of this new report from Doctor Web. The company found that multiple pirated copies of Windows 10 Pro include a hidden trojan app called Trojan.Clipper.231, which steals cryptocurrency by substituting crypto wallet addresses in the clipboard with different addresses.


These unofficial and pirated builds of Windows 10 feature the malicious apps built into the OS, so it's not something you'd be able to spot when doing a clean install. Looking into the issue, Doctor Web quickly found five versions of Windows 10 on torrent tracker sites with the malicious trojan app.

The good news is that they have identified the malicious apps in the system directory.

  • \Windows\Installer\iscsicli.exe (Trojan.MulDrop22.7578)
  • \Windows\Installer\recovery.exe (Trojan.Inject4.57873)
  • \Windows\Installer\kd_08_5e78.dll (Trojan.Clipper.231)

The problem comes with installation, as the crypto hijackers are hidden in the EFI (Extensible Firmware Interface) partition to evade detection. Looking at the files above, the dropper (iscsicli.exe) mounts a new partition, copies the two other malicious files to it, deletes the originals from the main drive, launches Trojan.Inject4.57873, and then unmounts the partition. Trojan.Inject4.57873 then injects the malicious app and code into a regular system process.
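As an added example (not from the article or Doctor Web's report), the following Python script walks an already-mounted EFI partition and flags the file names listed above, plus any Windows executable that is not a .efi boot loader. The mount path, the extension list and the rule that .exe/.dll files do not belong on this partition are assumptions of this example.

```python
import os
import sys

# File names and detection names as listed in the article.
# iscsicli.exe is also the name of a legitimate Windows tool in System32,
# but no copy of it belongs on the EFI partition.
IOC_NAMES = {
    "iscsicli.exe": "Trojan.MulDrop22.7578",
    "recovery.exe": "Trojan.Inject4.57873",
    "kd_08_5e78.dll": "Trojan.Clipper.231",
}
# Assumption: the EFI partition holds .efi boot loaders and data files only.
SUSPECT_EXTS = {".exe", ".dll", ".sys", ".scr"}


def is_pe(path):
    """Return True if the file starts with the 'MZ' magic of a PE image."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False  # unreadable files are skipped, not flagged


def scan_esp(root):
    """Walk the mounted partition; return sorted (relative_path, reason) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            lower = name.lower()  # FAT names are case-insensitive
            ext = os.path.splitext(lower)[1]
            if lower in IOC_NAMES:
                findings.append((rel, "file name listed for " + IOC_NAMES[lower]))
            elif ext in SUSPECT_EXTS and is_pe(full):
                findings.append((rel, "PE file that is not a .efi boot loader"))
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: scan_esp.py <path where the EFI partition is mounted>")
    results = scan_esp(sys.argv[1])
    for rel, reason in results:
        print(f"{rel}: {reason}")
    sys.exit(1 if results else 0)
```

On Windows, `mountvol S: /S` from an elevated prompt mounts the EFI partition at S:. A match is a lead for further analysis with an up-to-date scanner, not a verdict.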

This method of injecting malware into the EFI partition is rare, so security experts are looking at this case closely. The report from Doctor Web estimates that 0.73406362 BTC and 0.07964773 ETH, which is around USD 18,976.29, have been stolen so far.

A definite reminder that pirating an OS can be dangerous and costly. Here's the list of affected pirated Windows 10 copies spotted by Doctor Web.

  • Windows 10 Pro 22H2 19045.2728 + Office 2021 x64 by BoJlIIIebnik RU.iso
  • Windows 10 Pro 22H2 19045.2846 + Office 2021 x64 by BoJlIIIebnik RU.iso
  • Windows 10 Pro 22H2 19045.2846 x64 by BoJlIIIebnik RU.iso
  • Windows 10 Pro 22H2 19045.2913 + Office 2021 x64 by BoJlIIIebnik [RU, EN].iso
  • Windows 10 Pro 22H2 19045.2913 x64 by BoJlIIIebnik [RU, EN].iso

News Source: news.drweb.com

Senior Editor


Kosta is a veteran gaming journalist that cut his teeth on well-respected Aussie publications like PC PowerPlay and HYPER back when articles were printed on paper. A lifelong gamer since the 8-bit Nintendo era, it was the CD-ROM-powered 90s that cemented his love for all things games and technology. From point-and-click adventure games to RTS games with full-motion video cut-scenes and FPS titles referred to as Doom clones. Genres he still loves to this day. Kosta is also a musician, releasing dreamy electronic jams under the name Kbit.
