Security researchers at Kaspersky have discovered malware, dubbed SteelFox, which has been spreading “via forums posts, torrent trackers and blogs” since February of last year. It’s a potent piece of malicious software that attackers can use to extract a whole host of data from a victim’s computer, and can even enable the mining of cryptocurrency.
SteelFox spreads by masquerading as a cracking application, which is used to unlock access to software that normally needs to be paid for. This malware is able to spread by delivering on the promise of pirated software users are looking for, meaning it gets recommended to other pirates. However, unbeknownst to these users, it also gets to work stealing their data and bogging down their system.
Software pirates unlucky enough to run across SteelFox are in for a rough time. It targets browser data such as saved credit card information, search history, and cookies. Additionally, it looks for network information, drive names and types, currently running processes, installed software including antivirus solutions, and remote desktop (RDP) information. All while system resources are syphoned off for some cryptocurrency mining.
While this is a powerful set of tools for attackers, SteelFox is easy enough to avoid for the vast majority of users by simply not visiting the corners of the internet where pirated software is distributed. A much better option is to search for viable open source alternatives, checking websites like Humble Bundle that offer savings on software, or looking for discounts that might be available such as a student discount.
The old adage “there’s no such thing as a free lunch” is applicable here, as users looking to bypass paying for software can potentially pay a heavy price.