2 min

Cracked versions of Microsoft Office and Adobe Photoshop are stealing browser cookies and Monero cryptocurrency wallets from freeloaders who installed pirated software. The report about these activities comes from Bitdefender.

As many of our readers probably know, cracked versions of the software are usually ones that have had their registration and licensing features removed.

They were usually distributed through BitTorrent in the old days and are sometimes known as ‘Warez’ by the people who use them. They appeal to freeloaders or people unable to afford subscriptions, who get to access the features without having to pay for a license.

Adobe and Office are most at risk

Microsoft Office and Adobe Photoshop are two of the most popular software suites in their markets. For that reason, the cracked versions are always popular. The cracks may seem free but let’s just say you will pay and sometimes with money.

The suites contain malware that can steal browser session cookies (or your entire profile history if you are on Firefox.)

They can also hijack Monero crypto wallets and exfiltrate data via BitTorrent, after opening a backdoor on the machines they are installed on and disabling the firewall.

The backdoor

Once executed, the crack drops a legitimate tool to send raw data over a network, named ncat.exe, and a TOR proxy as well, according to Bitdefender’s Bogdan Botezatu, the director of threat research and reporting. He was backed up by security researcher Eduard Budaca, with whom he wrote a blog post about this.

A batch file (chknap.bat) is also added to the mix.

These tools create a backdoor that communicates through TOR. It seems that the attackers take time to analyze the environments they attack and decide on what to exfiltrate. Usually, it’s valuables like crypto.