Monday, June 19th 2023

Reports Warn of Pirated Windows 10 ISOs Containing Dangerous Malware

According to a report published by Bleeping Computer last week and research conducted by the Doctor Web team, nefarious online organizations are distributing Windows 10 ISO files laced with extremely dangerous clipper malware variants. Microsoft ceased direct sales of licenses for its last gen operating system earlier this year, and a select bunch of folks are resorting to grabbing copies (for free) from pirate sources. The Doctor Web alert states: "(we) discovered a malicious clipper program in a number of unofficial Windows 10 builds that cybercriminals have been distributing via a torrent tracker. Dubbed Trojan.Clipper.231, this trojan app substitutes crypto wallet addresses in the clipboard with addresses provided by attackers. As of this moment, malicious actors have managed to steal cryptocurrency in an amount equivalent to about $19,000 (USD)."

It continues: "At the end of May 2023, a customer contacted Doctor Web with their suspicion that their Windows 10 computer was infected. The analysis our specialists carried out confirmed the presence of trojan applications in the system. These were Trojan.Clipper.231 stealer malware as well as the Trojan.MulDrop22.7578 dropper and Trojan.Inject4.57873 injector, which were used to launch the clipper. Doctor Web's virus laboratory successfully localized all these threats and neutralized them." It seems that hackers are hiding cryptocurrency hijackers within Extensible Firmware Interface (EFI) partitions, thus evading detection by antivirus software(s).

New Windows 10 licenses are still available to purchase from third-party retailers, and Microsoft does officially distribute W10 ISOs for existing customers—so it is odd that some system builders are relying on nefarious sources to "acquire" operating systems. TPU recommends using the official Windows 10 installation media tool, or a direct download of an ISO via non-Windows browser user agents—Bleeping Computer has detailed the methodology of mimicking a smartphone or tablet browser session here.

Doctor Web shared and warned that the following Windows builds as infected sources, but they anticipate that even more examples exist on torrents and other illegal distribution sites:
  • Windows 10 Pro 22H2 19045.2728 + Office 2021 x64 by BoJlIIIebnik RU.iso
  • Windows 10 Pro 22H2 19045.2846 + Office 2021 x64 by BoJlIIIebnik RU.iso
  • Windows 10 Pro 22H2 19045.2846 x64 by BoJlIIIebnik RU.iso
  • Windows 10 Pro 22H2 19045.2913 + Office 2021 x64 by BoJlIIIebnik [RU, EN].iso
  • Windows 10 Pro 22H2 19045.2913 x64 by BoJlIIIebnik [RU, EN].iso
Sources: Bleeping Computer, PC World, Dr Web
Add your own comment

39 Comments on Reports Warn of Pirated Windows 10 ISOs Containing Dangerous Malware

#2
lexluthermiester
T0@stbut they anticipate that even more examples exist on torrents and other illegal distribution sites
Um, torrents are not illegal. So the "and other illegal distribution sites" is misstated and needs correction.
Posted on Reply
#3
FreedomEclipse
~Technological Technocrat~
Man... I gave up with pirated copies of windows when i found out i could buy legit grey market windows keys for very very little money and the best part of grey market keys is microsoft doesnt even care if you bought it for the price of a chicken dinner and one or two beers. People who buy the keys for their own system builds arent their bread and butter. They are still making money off you regardless by selling your data :laugh:

Posted on Reply
#4
Solaris17
Super Dainty Moderator
T0@stnefarious online organizations are distributing Windows 10 ISO files laced with extremely dangerous clipper malware variants
Lol they have been doing that for years. It boggles my mind that people don’t expect it.
Posted on Reply
#5
lexluthermiester
FreedomEclipseMan... I gave up with pirated copies of windows when i found out i could buy legit grey market windows keys for very very little money and the best part of grey market keys is microsoft doesnt even care if you bought it for the price of a chicken dinner and one or two beers. People who buy the keys for their own system builds arent their bread and butter. They are still making money off you regardless by selling your data :laugh:

The point of custom ISOs isn't the "free" aspect but rather the customized experiences that people want to use but don't know how to do for themselves. Piracy isn't really a problem in this situation but rather the makers of the bad ISO taking advantage of users wanting a better experience than that which microsoft has to offer.

In this situation, microsoft's own shenanigans are partly to blame. If they didn't include so much crap with Windows and weren't such goose-steppers where certain configurations were concerned, the custom ISO community wouldn't exist the way it does currently because the need would not exist.
Solaris17Lol they have been doing that for years. It boggles my mind that people don’t expect it.
That's because it's not as common as one might expect. Most customized Windows ISOs are safe because the groups that make them have a reputation to protect. There are always bad actors though..

EDIT: @Solaris17 You can laugh, but it's one of my job duties to regularly check for this kind of thing and write reports detailing the findings. This is one of the reasons I'm so ultra-cautious about system security and why I DON'T trust microsoft to keep things "safe". Their definition and brand of "safe" is usually anything but fully secure.
Posted on Reply
#6
R0H1T
ChaitanyaWorse than Windows itself?
I mean if you go by that standard your phones are worse, probably 10x including the iToy :shadedshu:
Posted on Reply
#7
lexluthermiester
R0H1TI mean if you go by that standard your phones are worse, probably 10x including the iToy :shadedshu:
You'd be surprised how actually secure phones are, regardless of whether it's iOS or Android.
Posted on Reply
#8
T0@st
News Editor
lexluthermiesterUm, torrents are not illegal. So the "and other illegal distribution sites" is misstated and needs correction.
Note that "other" follows "torrent."
Posted on Reply
#9
Ruru
S.T.A.R.S.
Just wondering that who uses those when you can get a legit .iso from MS itself?
Posted on Reply
#10
lexluthermiester
T0@stNote that "other" follows "torrent."
Exactly. The way that statement is written directly implies that torrents are illegal, which is incorrect.
KissamiesJust wondering that who uses those when you can get a legit .iso from MS itself?
In the case of the article subject ISOs, mostly Russians as microsoft has put strict limitations on downloads from within Russia and it's ally nations.
Posted on Reply
#11
Ruru
S.T.A.R.S.
lexluthermiesterIn the case of the article subject ISOs, mostly Russians as microsoft has put strict limitations on downloads from within Russia and it's ally nations.
Ah, good point there. Yet still weird if there isn't a way (at least an easy one) to get a legit iso for them.
Posted on Reply
#12
T0@st
News Editor
lexluthermiesterExactly. The way that statement is written directly implies that torrents are illegal, which is incorrect.
It is grey area, given that certain ISPs and governments have blocked access to torrent listings and program functionality.
Posted on Reply
#13
lexluthermiester
KissamiesAh, good point there. Yet still weird if there isn't a way (at least an easy one) to get a legit iso for them.
One would think microsoft would make a choice that is logical and reasonable, but alas...
T0@stIt is grey area, given that certain ISPs and governments have blocked access to torrent listings and program functionality.
In some places, maybe, but not everywhere and not most places. Regardless, it's still poorly worded/stated.
Posted on Reply
#14
TheoneandonlyMrK
T0@stIt is grey area, given that certain ISPs and governments have blocked access to torrent listings and program functionality.
Certain countries block access to tiktok does that make it a grey area?.(I'd ban it worldwide tbf)

Torrents do often involve illegality but it's not exclusive and some use them legitimately.

The same Could be said of the whole internet really, it's a path to evil ban it.

I too don't think you should be spouting a few governments party line(torrent bad)

It's the stupidest bit of news I've seen today given the security environment present, wtaf expects safe and sound OS, IF you're dodging paying.
I get custom iso"s but a legit key can make them legit and possibly safe, but again no guarantee, and too risky for me.
Posted on Reply
#15
mechtech
Windows……the OS that ‘keeps an eye on you’
Posted on Reply
#16
lexluthermiester
mechtechWindows……the OS that ‘keeps an eye on you’
Wink wink..
Posted on Reply
#17
Easo
In case anyone here has trouble understanding what "BoJlIIIebnik" means - magician/wizard.

Ahhh, reminds me of the good times of stuff like "Windows XP BLACK EDITION" . :laugh:
Posted on Reply
#18
lexluthermiester
EasoAhhh, reminds me of the good times of stuff like "Windows XP BLACK EDITION" . :laugh:
Which one? There were a bunch! The version that became "Integral Edition" was perfectly clean(safe) and was very well done.
Posted on Reply
#19
Udyr
T0@stNote that "other" follows "torrent."
Understandable, but if you say "John and other students", it implies John is a student as well.

In this case, the correct use would be "torrents and illegal distribution sites".
Posted on Reply
#20
Denver
An OEM key is so cheap, I don't understand the need to get a pirated Iso these days;

**And no OEM keys are not illegal!
Posted on Reply
#21
mb194dc
DenverAn OEM key is so cheap, I don't understand the need to get a pirated Iso these days;

**And no OEM keys are not illegal!
Cheaper than $0 ?

We've always got Linux as well for $0, value.

Frankly Windows has been getting worse for about 15 years and the sooner we get mass adoption of an alternative , like Android for desktop or similar friendly Linux based OS, the better the world of computing will be. In fact, I'd say Microsoft hasn't produced a decent product generally for a similar time frame.

All they've done is made worse versions of existing software and gone SAAS, cloud, Azure, 365 ,Windows 10/11, and charge for them monthly, more $ for worse products.
Posted on Reply
#22
Denver
mb194dcCheaper than $0 ?

We've always got Linux as well for $0, value.

Frankly Windows has been getting worse for about 15 years and the sooner we get mass adoption of an alternative , like Android for desktop or similar friendly Linux based OS, the better the world of computing will be. In fact, I'd say Microsoft hasn't produced a decent product generally for a similar time frame.

All they've done is made worse versions of existing software and gone SAAS, cloud, Azure, 365 ,Windows 10/11, and charge for them monthly, more $ for worse products.
I completely understand the criticism, I agree that after Windows 7 it got worse and worse, full of unnecessary software and excessive telemetry.

But no, Linux is not an alternative to Windows for most people, neither in practicality of use nor in terms of compatibility. People have less time every day and I'm sorry but when I get my PC I just want things to work.
Posted on Reply
#23
Easo
lexluthermiesterWhich one? There were a bunch! The version that became "Integral Edition" was perfectly clean(safe) and was very well done.
Short answer is "Yes", or all of them. Was hard to choose when I was little and dowload speeds were... not great.
Posted on Reply
#24
dicobalt
I can't imagine why anyone would download a Windows image from a non-Microsoft website.
Posted on Reply
#25
R-T-B
Son, only $19,000? That's rookie numbers...
Posted on Reply
Add your own comment
Dec 19th, 2024 11:11 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts