Monday, June 19th 2023
Reports Warn of Pirated Windows 10 ISOs Containing Dangerous Malware
According to a report published by Bleeping Computer last week and research conducted by the Doctor Web team, nefarious online organizations are distributing Windows 10 ISO files laced with extremely dangerous clipper malware variants. Microsoft ceased direct sales of licenses for its last gen operating system earlier this year, and a select bunch of folks are resorting to grabbing copies (for free) from pirate sources. The Doctor Web alert states: "(we) discovered a malicious clipper program in a number of unofficial Windows 10 builds that cybercriminals have been distributing via a torrent tracker. Dubbed Trojan.Clipper.231, this trojan app substitutes crypto wallet addresses in the clipboard with addresses provided by attackers. As of this moment, malicious actors have managed to steal cryptocurrency in an amount equivalent to about $19,000 (USD)."
It continues: "At the end of May 2023, a customer contacted Doctor Web with their suspicion that their Windows 10 computer was infected. The analysis our specialists carried out confirmed the presence of trojan applications in the system. These were Trojan.Clipper.231 stealer malware as well as the Trojan.MulDrop22.7578 dropper and Trojan.Inject4.57873 injector, which were used to launch the clipper. Doctor Web's virus laboratory successfully localized all these threats and neutralized them." It seems that hackers are hiding cryptocurrency hijackers within Extensible Firmware Interface (EFI) partitions, thus evading detection by antivirus software(s).
New Windows 10 licenses are still available to purchase from third-party retailers, and Microsoft does officially distribute W10 ISOs for existing customers—so it is odd that some system builders are relying on nefarious sources to "acquire" operating systems. TPU recommends using the official Windows 10 installation media tool, or a direct download of an ISO via non-Windows browser user agents—Bleeping Computer has detailed the methodology of mimicking a smartphone or tablet browser session here.
Doctor Web shared and warned that the following Windows builds as infected sources, but they anticipate that even more examples exist on torrents and other illegal distribution sites:
Sources:
Bleeping Computer, PC World, Dr Web
It continues: "At the end of May 2023, a customer contacted Doctor Web with their suspicion that their Windows 10 computer was infected. The analysis our specialists carried out confirmed the presence of trojan applications in the system. These were Trojan.Clipper.231 stealer malware as well as the Trojan.MulDrop22.7578 dropper and Trojan.Inject4.57873 injector, which were used to launch the clipper. Doctor Web's virus laboratory successfully localized all these threats and neutralized them." It seems that hackers are hiding cryptocurrency hijackers within Extensible Firmware Interface (EFI) partitions, thus evading detection by antivirus software(s).
Doctor Web shared and warned that the following Windows builds as infected sources, but they anticipate that even more examples exist on torrents and other illegal distribution sites:
- Windows 10 Pro 22H2 19045.2728 + Office 2021 x64 by BoJlIIIebnik RU.iso
- Windows 10 Pro 22H2 19045.2846 + Office 2021 x64 by BoJlIIIebnik RU.iso
- Windows 10 Pro 22H2 19045.2846 x64 by BoJlIIIebnik RU.iso
- Windows 10 Pro 22H2 19045.2913 + Office 2021 x64 by BoJlIIIebnik [RU, EN].iso
- Windows 10 Pro 22H2 19045.2913 x64 by BoJlIIIebnik [RU, EN].iso
39 Comments on Reports Warn of Pirated Windows 10 ISOs Containing Dangerous Malware
In this situation, microsoft's own shenanigans are partly to blame. If they didn't include so much crap with Windows and weren't such goose-steppers where certain configurations were concerned, the custom ISO community wouldn't exist the way it does currently because the need would not exist.That's because it's not as common as one might expect. Most customized Windows ISOs are safe because the groups that make them have a reputation to protect. There are always bad actors though..
EDIT: @Solaris17 You can laugh, but it's one of my job duties to regularly check for this kind of thing and write reports detailing the findings. This is one of the reasons I'm so ultra-cautious about system security and why I DON'T trust microsoft to keep things "safe". Their definition and brand of "safe" is usually anything but fully secure.
Torrents do often involve illegality but it's not exclusive and some use them legitimately.
The same Could be said of the whole internet really, it's a path to evil ban it.
I too don't think you should be spouting a few governments party line(torrent bad)
It's the stupidest bit of news I've seen today given the security environment present, wtaf expects safe and sound OS, IF you're dodging paying.
I get custom iso"s but a legit key can make them legit and possibly safe, but again no guarantee, and too risky for me.
Ahhh, reminds me of the good times of stuff like "Windows XP BLACK EDITION" . :laugh:
In this case, the correct use would be "torrents and illegal distribution sites".
**And no OEM keys are not illegal!
We've always got Linux as well for $0, value.
Frankly Windows has been getting worse for about 15 years and the sooner we get mass adoption of an alternative , like Android for desktop or similar friendly Linux based OS, the better the world of computing will be. In fact, I'd say Microsoft hasn't produced a decent product generally for a similar time frame.
All they've done is made worse versions of existing software and gone SAAS, cloud, Azure, 365 ,Windows 10/11, and charge for them monthly, more $ for worse products.
But no, Linux is not an alternative to Windows for most people, neither in practicality of use nor in terms of compatibility. People have less time every day and I'm sorry but when I get my PC I just want things to work.