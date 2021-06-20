The software is being distributed via Discord and BitTorrent disguised as fake video games

The origin of the anti-piracy ‘malware’ is not known but, unlike others, it does not seek to steal personal data

Once the malicious software is executed, it blocks user access to more than a thousand websites, most of them related to piracy.

A distributed ‘malware’ via Discord and BitTorrent disguised as fake video games infects users in order to prevent them from accessing pages for illegal downloading of unlicensed software, without trying to steal information, resources or personal data.

The security company Sophos shared an article on Thursday announcing the discovery of this evil code, and indicated that the origin and motivation of the ‘malware’ is unknown, which, unlike most, does not seek the theft of personal data or private information.

Malicious software hides itself as pirated copies of software packages that, in this case, were sent through the Discord communication service. On the BitTorrent file-sharing website, ‘malware’ inserts itself into files with names of famous video games, productivity tools and security products, according to Sophos.

Along with these files, in BitTorrent other files were attached that gave it fidelity since they gave it appearance of having originated from the popular pirate website ThePirateBay.

The files appeared on Discord were shown as executable, while those on BitTorrent tried to acquire the pirated software image. This software takes the form of compressed files with a text file, additional files, and a shortcut file that says ‘ThePirateBay’.

When you double-click the ‘malware’, a window of ‘System error‘stating that a .dll format file is not found on the computer, and calls for reinstalling the program to fix the problem.

Sophos explains that when it runs, the ‘malware’ checks the network connection to see if it can establish itself there. Once the malware is installed on the system blocks access to more than a thousand web domains, although not all have to do with piracy.

To remove the malicious code, users can clean the HOSTS file manually, according to Sophos. To do this, the company indicates that a copy of Notepad must be run as administrator and the file c: Windows System32 Drivers etc hosts must be modified.

There, remove all lines that start with “127.0.0.1” and that they mention ThePirateBay websites or other piracy websites.