I downloaded a cracked install from TPB (haxnode). It was a loader EXE that loaded the original EXE and supposedly removed the DRM in RAM. It required admin permissions; I didn’t trust it, but I ran it in a VM and nothing happened.

Then I told myself “I have Microsoft Defender and Windows Firewall Control, they will warn me” and I ran it on my main laptop, and still nothing happened. Like, literally nothing happened. The original program would not start. It would simply exit. Nothing. The other 6 almost identical torrents from the same uploader, but with a different program version, had a similar result. I gave up.

Then I rebooted, and first I noticed a couple of DOS prompts flashing on the screen, and Windows Firewall Control asking me whether “aspnet_compiler.exe” is allowed to access the internet or not.

Suspicious, I go to check that “aspnet_compiler.exe”: it’s located in the .NET system folder, I scan it with Microsoft Defender and it doesn’t report as a virus. I do not pay attention to the fact that it doesn’t have a valid Microsoft signature, and I tell myself “probably just a Windows update” and I whitelist it on the firewall.

After a few hours I realize: “wait a minute, it’s impossible that an official Windows EXE isn’t signed by Microsoft!” I go back to scan it: not infected… or so it looks; Defender says “ignored because in whitelist”. What? The “loader” put c:* in the whitelist!

The “crack loader” wasn’t a virus per se. It dropped an obfuscated batch file in Startup, which had a base64-encoded attachment of the actual malware, that was copied into the .NET Framework directory with unassuming names…

And this for a $60 perpetual-license program that I should buy anyway because it’s for work.
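The chain described in the post (Defender exclusion on the whole drive, a batch file in Startup carrying a base64 blob, an unsigned EXE with a Microsoft-looking name dropped under the .NET Framework directory, launched at boot) can be checked for directly. The script below is an added triage example, not code from the thread or from any of the software mentioned; it assumes a Windows host with the Defender cmdlets available and is run from an elevated PowerShell prompt. The base64 heuristic and the path patterns are assumptions chosen to match the pattern in the post, not signatures for a known sample.

```powershell
# Added triage example for the infection pattern described in the post.
# Not code from the thread. Read-only: it reports, it does not remove anything.
#Requires -RunAsAdministrator

# 1. Defender exclusions. An exclusion such as C:\* (or C:\ / C:*) blinds the scanner
#    to the whole drive, which is exactly what "ignored because in whitelist" meant.
$prefs = Get-MpPreference
"--- Defender exclusion paths ---"
if ($prefs.ExclusionPath) {
    foreach ($p in $prefs.ExclusionPath) {
        $flag = if ($p -match '^[A-Za-z]:\\?\*?$') { '  <-- WHOLE DRIVE EXCLUDED' } else { '' }
        "$p$flag"
    }
} else { "(none)" }
"--- Defender excluded processes / extensions ---"
$prefs.ExclusionProcess
$prefs.ExclusionExtension

# 2. Startup folders (per-user and all-users). A .bat/.cmd here that carries a
#    long base64 run is the dropper shape from the post (heuristic, assumed).
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
"--- Startup folder contents ---"
foreach ($d in $startupDirs) {
    Get-ChildItem -Path $d -File -ErrorAction SilentlyContinue | ForEach-Object {
        $note = ''
        if (@('.bat', '.cmd', '.vbs', '.ps1', '.js') -contains $_.Extension) {
            $text = Get-Content -Path $_.FullName -Raw -ErrorAction SilentlyContinue
            if ($text -and $text -match '[A-Za-z0-9+/]{200,}={0,2}') {
                $note = '  <-- contains a long base64 run'
            }
        }
        "$($_.FullName)$note"
    }
}

# 3. Scheduled tasks whose action launches something from the .NET Framework
#    directories (the post's "ready to be run as admin at the next boot via the task scheduler").
"--- Scheduled tasks launching from .NET Framework dirs ---"
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        if ($a.Execute -and $a.Execute -match 'Microsoft\.NET\\Framework') {
            "{0}{1}: {2} {3}" -f $task.TaskPath, $task.TaskName, $a.Execute, $a.Arguments
        }
    }
}

# 4. Authenticode check of every EXE under the .NET Framework directories.
#    The real aspnet_compiler.exe lives there and is Microsoft-signed; a copy that is
#    unsigned or signed by someone else does not belong.
$fwRoots = @("$env:windir\Microsoft.NET\Framework", "$env:windir\Microsoft.NET\Framework64")
"--- EXEs under .NET Framework that are not validly Microsoft-signed ---"
Get-ChildItem -Path $fwRoots -Recurse -Filter *.exe -ErrorAction SilentlyContinue | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    if ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
        "{0}`n    status={1} signer={2} modified={3}" -f $_.FullName, $sig.Status, $signer, $_.LastWriteTime
    }
}
```

Treat the output as leads, not verdicts: on supported Windows versions Get-AuthenticodeSignature also honours catalog signatures, so genuine framework binaries report Valid with a Microsoft subject, and anything else in that directory is worth a closer look along with its modification time. A drive-wide exclusion can be dropped with Remove-MpPreference -ExclusionPath before rescanning, but if the loader ran as admin the honest answer is a rebuild of the machine rather than a cleanup.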

  • zaknenou@lemmy.dbzer0.com (+14 / -1, edited, 19 hours ago)

    A reminder that as a pirate you do in fact need an antivirus. Oh, people, stop listening to cybersec experts who spend their whole lives using FOSS or buying legit software; they’re in a different world from us pirates.

    Also a reminder that it happens to the best of us anyway.

    • Hyperrealism@lemmy.dbzer0.com (+3 / -1, edited, 8 hours ago)

      Alternative if you want to be hardcore: air gap the system you run questionable software on.

      If you’re bored, you can even try to infect it with as much shit as possible.

      Doesn’t work as a test system though. Stuff lies dormant waiting for network access.

  • brax@sh.itjust.works (+11, 21 hours ago)

    i ran in a vm and nothing happened.

    Did you configure the VM so that it didn’t blatantly look like a VM? Of course malware is gonna act like a good boi when it detects that it’s being run in a VM

      • brax@sh.itjust.works (+1, 5 hours ago)

        Yeah true, I misinterpreted “and nothing happened [in the VM]” to mean “and nothing bad happened”

      • brax@sh.itjust.works (+9 / -1, 17 hours ago)

        Nice try malware dev 🤣

        Really though, there’s a bunch of stuff it can probe… hard drive name, driver names, MAC addresses, hardware profile/resource allotments.

        There are a bunch of YouTube videos that go over virtual machine detection and hardening your VM to make it less obviously a VM.
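The artifacts listed in that comment (disk model, driver and service names, MAC address prefixes, RAM/CPU/disk sizes) are all things a sample can read without any special privilege. The script below is an added example, not from the thread or any of the videos it mentions: run it inside your own analysis VM to see which of those tells it currently exposes. The vendor strings and MAC prefixes it looks for are the well-known hypervisor defaults (VirtualBox 08:00:27, VMware 00:0C:29/00:50:56/00:05:69, Hyper-V 00:15:5D, QEMU/KVM 52:54:00, Parallels 00:1C:42); the resource thresholds are assumptions, not values from the comment.

```powershell
# Added example (not from the thread): enumerate the VM artifacts a sandbox-aware
# sample commonly probes, so you can see what your own VM leaks. Read-only.

$findings = New-Object System.Collections.Generic.List[string]

# Default hypervisor strings; a hardened VM replaces these in SMBIOS and device names.
$vmStrings = 'VirtualBox|VBOX|VMware|Virtual Machine|QEMU|KVM|Xen|Hyper-V|innotek|Parallels|Bochs'
$vmMacPrefixes = @{
    '08:00:27' = 'VirtualBox'
    '00:0C:29' = 'VMware'; '00:50:56' = 'VMware'; '00:05:69' = 'VMware'
    '00:15:5D' = 'Hyper-V'
    '52:54:00' = 'QEMU/KVM'
    '00:1C:42' = 'Parallels'
}

# 1. SMBIOS / BIOS strings (manufacturer, model, serial, BIOS version)
$cs   = Get-CimInstance Win32_ComputerSystem
$bios = Get-CimInstance Win32_BIOS
foreach ($s in @($cs.Manufacturer, $cs.Model, $bios.Manufacturer, $bios.SerialNumber, $bios.Version)) {
    if ($s -match $vmStrings) { $findings.Add("SMBIOS string: $s") }
}

# 2. Disk and display adapter model names ("VBOX HARDDISK", "VMware Virtual disk", ...)
Get-CimInstance Win32_DiskDrive | ForEach-Object {
    if ($_.Model -match $vmStrings) { $findings.Add("Disk model: $($_.Model)") }
}
Get-CimInstance Win32_VideoController | ForEach-Object {
    if ($_.Name -match $vmStrings) { $findings.Add("Display adapter: $($_.Name)") }
}

# 3. MAC address OUI (first three octets identify the virtual NIC vendor)
Get-CimInstance Win32_NetworkAdapter | Where-Object { $_.MACAddress } | ForEach-Object {
    $oui = $_.MACAddress.Substring(0, 8).ToUpper()
    if ($vmMacPrefixes.ContainsKey($oui)) {
        $findings.Add("MAC OUI $oui ($($vmMacPrefixes[$oui])) on $($_.Name)")
    }
}

# 4. Guest-additions services and kernel drivers
Get-Service -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match 'vbox|vmtools|vmware|vmhgfs|vmmouse|xenevtchn|prl_' } |
    ForEach-Object { $findings.Add("Service: $($_.Name) ($($_.Status))") }
Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.Name -match 'vbox|vm3dmp|vmci|vmhgfs|vmmouse|vmusbmouse|xen|prl_' } |
    ForEach-Object { $findings.Add("Driver: $($_.Name) ($($_.PathName))") }

# 5. Resource allotments typical of a default analysis VM (thresholds are assumptions)
$ramGB  = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
$cpus   = $cs.NumberOfLogicalProcessors
$diskGB = [math]::Round(((Get-CimInstance Win32_DiskDrive | Measure-Object Size -Sum).Sum) / 1GB)
if ($ramGB -lt 4)   { $findings.Add("Low RAM: ${ramGB} GB") }
if ($cpus -lt 2)    { $findings.Add("Single logical CPU") }
if ($diskGB -lt 80) { $findings.Add("Small disk: ${diskGB} GB") }

if ($findings.Count -eq 0) {
    "No obvious VM artifacts found (CPUID, timing and hypervisor-port checks are not covered here)."
} else {
    "VM artifacts a sandbox-aware sample could key on:"
    $findings | ForEach-Object { "  - $_" }
}
```

Each line it prints is one thing to change in the hypervisor configuration (SMBIOS strings, disk model, NIC MAC, uninstalling guest additions, giving the VM realistic RAM and disk). It deliberately stops at what WMI exposes; checks based on the CPUID hypervisor bit or instruction timing need native code and are a separate, harder problem.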

  • NuXCOM_90Percent@lemmy.zip (+129 / -5, 2 days ago)

    And this for a $60 perpetual license program that i should buy anyway because it’s for work

    Just to pile on: NEVER pirate stuff you use for work. Audits are a thing (especially if said software company gets suspicious for whatever reason) and you WILL be thrown under the bus at a moment’s notice and put on an industry wide shitlist because you are just too much of a liability after you get caught once.

    Pirate for fun and hobbyist use. The moment you are getting paid, go legit.

    • nutsack@lemmy.dbzer0.com (+3, 6 hours ago)

      In certain countries outside of the United States, companies using pirated software is normal and carries no legal risk. IT companies in my country will install it for you on request.

    • Novaling@lemmy.zip (+4, 7 hours ago)

      I know I sound dumb, and forgive me for not having work experience yet, but…

      Why doesn’t your company pay for any license they need for you to do work? Like I get if someone was a freelancer, then they’re gonna have to pay for their own stuff, but like, a professional, in-house employee pays for their own license?

      Am I missing context here?

      • NuXCOM_90Percent@lemmy.zip (+2, 7 hours ago)

        A lot of people in graphics design et al are contractors. They get hired for a job, do it with their own resources, and then move on. Those folk tend to need to provide their own software.

        Aside from that? Companies DO provide software. But, at least in my experience, early career staff decide they actually NEED matlab or some other super proprietary nonsense and take it upon themselves to get the tools they “need”. Which results in their manager having to have The Talk about why you don’t do that in an actual company and how they are REALLY lucky you are the one that saw them because that is a fireable offense.

      • NuXCOM_90Percent@lemmy.zip (+14, 17 hours ago)

        Let’s say you are a graphics designer. You use Adobe Illustrator and you pirate it. You work for Innertrode either as a contractor or a full time employee. You make their new logo.

        Adobe’s legal team are bored. They see that new logo. They know it was made with Illustrator because of some of the visual quirks/tools (or, you know, because it is anything graphical so of course it uses Adobe). They know that Innertrode doesn’t have a license. So they call up Lumberg and say “what the fuck?”.

        Lumberg then calls the person who was in charge of the new logo and they point at you.

        If you are staff? You were given training not to pirate anything. It is all your fault. Innertrode buys a few years of a license and apologizes and fires your ass and makes sure to tell everyone they know about you. Or you are a contractor and you signed an agreement saying you had valid licenses for everything and they just give your contact info to Adobe and move on.

        And Adobe MIGHT just want to shake you down. Or they might want to make an example and sue the fuck out of some people.

        Also… it is a lot of hearsay for obvious reasons, but there are very strong rumors that some of the more prominent cracks tend to add digital watermarks for the purpose of automating this.

        • PacMan@sh.itjust.works (+2, 6 hours ago)

          Not quite, but a possible answer.

          A lot of software gets embedded tracking code that does a few things to see if it’s been tampered with and reports back along with a lot of details. It’s kind of sweet how you can dig in and see exactly where that computer lives and how it can triangulate exactly where it is, even over a VPN.

          I happened to work with this software at one point… A lot of companies actually don’t, unless there is a business using the software, or it’s super expensive (think 10k+ per seat), or you see a hot spot. Not worth the effort.

          Other side of the coin: I was a Desktop Eng many moons ago. We would do reporting on all of the systems in SCCM and what’s installed on them, and compare to a known-good list of applications every so often to minimize legal risk to the business.

    • Lka1988@lemmy.dbzer0.com (+13, 2 days ago)

      This. My employer provides a laptop (Surface 7…eugh), and nothing personal outside of basic web browsing is done on it.

  • pop [he/him]@lemmy.blahaj.zone (+88 / -1, 2 days ago)

    And this for a $60 perpetual license program that i should buy anyway because it’s for work

    If you work for someone, they should be providing the license for you.

    If you’re a freelancer, it should be part of the costs that you get back as you work. $60 for a perpetual license is honestly not that steep and shouldn’t impact your prices much.

    This is one of the main reasons I don’t pirate anything but audio and video anymore (and even then I’m cautious). It’s really not worth it.

  • RedSnt 👓♂️🧩 🧠 🖥️ (+41 / -1, edited, 2 days ago)

    I literally just watched this video yesterday which, as you mention yourself, talks about how modern malware will add itself to the exclusion list aka whitelist.

    Anyway this is a good reason to try linux…

    • weirdo_from_space@sh.itjust.works (+49, 2 days ago)

      Not for long, Linux will get targeted like this as it becomes more popular. It’s more of an argument for OpenBSD if anything, since OpenBSD will never be popular on desktop and its developers take security very seriously.

        • weirdo_from_space@sh.itjust.works (+4, 12 hours ago)

          It took over twenty years just for Linux to enter the conversation at the enthusiast level, it took a lot, and I do mean a lot, of enshittification on Microsoft’s part and decades of campaigning by free software ideologues for us to get to this point, and if Windows still worked like Windows 7 we still wouldn’t be anywhere close.

          OpenBSD is super niche relative to FreeBSD, which is super niche relative to Linux. I don’t even know if it was built for desktop use, or if it happens to be usable as one thanks to Linux DEs being compatible so long as they don’t heavily depend on Linux specific stuff. Though I guess it can be a desktop OS in the most conservative sense of that term even without all that stuff.

      • NuXCOM_90Percent@lemmy.zip (+10 / -1, 2 days ago)

        There are two layers to this (actually a lot more but)

        What you are describing is mostly supply chain. It is the idea that the package manager’s inventory should be safe. And that is already a nigh impossible task simply because so many of the packages themselves can be compromised. It seems like every other year there is a story of bad actors infiltrating a project either as an attack or as a “research paper”. But the end result is you have core libraries that may be compromised.

        But the other side is what impacted OP and will still be an issue even if said supply chain is somehow 100% vetted. People are inherently going to need things that aren’t in a package manager. Sometimes that is for nefarious reasons and sometimes it is just because the project they are interested in isn’t at the point where it is using a massive build farm to deploy everywhere. Maybe it involves running blind scripts as root (don’t fucking do that… even though we all do at some point) and sometimes it involves questionable code.

        And THAT is a very much unsolved problem no matter what distro. Because, historically, you would run an anti-virus scan on that. How many people even know what solutions there are for linux? And how many have even a single nice thing to say about the ones that do?

    • fuckwit_mcbumcrumble@lemmy.dbzer0.com (+13 / -1, 2 days ago)

      There’s no reason why Linux would be immune to this. If anything you’re probably not running any AV on Linux so if you did get infected you’d probably never notice until it starts being a pain.

      • RedSnt 👓♂️🧩 🧠 🖥️ (+4, edited, 2 days ago)

        I guess in theory you’re right. If you’re executing code, you’re executing code. But usually when executing EXE files it tends to target Windows machines, but yeah, there’s no way of telling if it’ll recognize it’s in a Linux environment and do its thing there as well.
        Especially because OP mentioned he just clicked “Yes”/“Allow” to all the super user prompts.

        Now personally I don’t run an Arch system and only install software from my distro + flatpak; So I feel pretty secure for now. But I can see that trend buckling as the AUR is already under attack.

        • cmnybo@discuss.tchncs.de (+7, 2 days ago)

          Programs running on Wine still have access to all of the files that you do. They won’t be able to mess with system files unless they can find some sort of privilege escalation exploit in Wine though.

          • JustVik@lemmy.ml (+3, 17 hours ago)

            For a little more security in this case, you can run them as a separate dedicated user.

    • frongt@lemmy.zip (+8, 2 days ago)

      Windows has built in sandboxing now. I haven’t actually used it, but I know it exists.

        • sga@piefed.social (+2, 22 hours ago)

          (Not a Windows user, so maybe wrong.) AFAIK it is effectively a VM (or something like Docker, sharing the kernel but not the filesystem, but not sure) where you can test an executable. It is only available to Pro accounts though (so not the vast majority of home and OEM installs).
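Windows Sandbox is driven by a small XML configuration file (.wsb), and two of its settings matter for the situation in this thread: networking can be switched off so a dropper cannot fetch a second stage (and a sample that waits for connectivity, as mentioned above, simply stalls), and host folders can be mapped read-only so the sandbox sees the suspect file without being able to write back. The script below is an added example, not from the thread; it assumes the Windows Sandbox optional feature is installed and uses C:\Triage\drop as a hypothetical host folder holding the file to inspect.

```powershell
# Added example (not from the thread): write a no-network, read-only-share Windows
# Sandbox configuration and launch it. Paths under C:\Triage are assumptions.

$hostShare = 'C:\Triage\drop'      # put the suspect file here on the host
$wsbPath   = 'C:\Triage\nonet.wsb'
New-Item -ItemType Directory -Path $hostShare -Force | Out-Null

# Networking=Disable: no outbound connections from the sandbox.
# VGpu=Disable: software rendering, smaller attack surface.
# ReadOnly=true: the sandbox can read the mapped folder but cannot modify the host copy.
# LogonCommand: open the mapped folder so you can run the sample by hand and watch it.
$config = @"
<Configuration>
  <Networking>Disable</Networking>
  <VGpu>Disable</VGpu>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$hostShare</HostFolder>
      <SandboxFolder>C:\drop</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\drop</Command>
  </LogonCommand>
</Configuration>
"@
Set-Content -Path $wsbPath -Value $config -Encoding UTF8

# Opening a .wsb file starts Windows Sandbox with that configuration.
Invoke-Item $wsbPath
```

Everything inside the sandbox is discarded when the window closes, so look at the Startup folders, scheduled tasks and Defender exclusions from inside it before closing, not after. Two caveats that the thread already hints at: the sandbox is a Hyper-V based VM and trivially detectable, so a VM-aware sample may behave, and with networking off a sample that only acts once it sees a connection will show you nothing.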

      • Zorsith@lemmy.blahaj.zone (+5, 2 days ago)

        Lots of weird stuff like that. I learned a couple weeks ago the three finger touchpad gesture from gnome works for windows virtual desktops (IF you already created a second one, otherwise it does nothing IIRC).

    • Moonrise2473@lemmy.ml (OP) (+7 / -1, edited, 2 days ago)

      Probably I would have run it outside anyway, as the crack just silently “crashed” (while successfully dropping the malware as admin in the right spot, ready to be run as admin at the next boot via the Task Scheduler), and I would have thought “maybe it doesn’t run in a sandbox/VM”.

      But yes, in hindsight, if I had run it in Sandboxie then I might have noticed that it had dropped suspiciously named files in common:startup with that nice file transfer GUI (unless the malware detected Sandboxie and did not run the malicious routines).

  • Auster@thebrainbin.org (+10, 2 days ago)

    Depending on what you work on, maybe there’s an alternative FOSS or at least paid DRM-free software?

    Or, if you work for a company and it demands this tool, maybe you could ask them to provide the software for you?

    On a 3rd point, I’ve seen official software detect when it’s being run in VMs or similar, so maybe that’s what happened.

    On a 4th point, if you must use a crack, maybe do so on a less usual Linux system, so if it’s a functional one but packaged with a virus, the virus breaks either because it runs under Wine or similar, or because the less usual system lacks some needed dependency for the virus, if it can run on Linux as well?

    • sga@piefed.social (+1, 22 hours ago)

      On a 3rd point, I’ve seen official softwares detect when they’re being run in VMs or similar, so maybe that’s what happened.

      This is becoming more common AFAIK. Why blow your cover in a VM where you would not even get much (unless you are just a miner, but even then performance is worse), especially when checking if we are running in a VM is really easy.

      • Auster@thebrainbin.org (+1, 21 hours ago)

        Cynical as I have become in recent years, I can’t help but to think it’d be due to a VM seldom carrying interesting data for data brokers - your real machine is usually where the “good stuff” is.

  • nivellian@lemmy.dbzer0.com (+5 / -2, edited, 1 day ago)

    Typical newbie experience, downloads stuff from a random website he found on google.com. Use fmhy or rentry to find what you need. Stop blaming yourself, things like this are what many newbies go through before they become like Bartholomew Roberts.

    • octobob@lemmy.ml (+1, 14 hours ago)

      I’ve poked around on FMHY and most of the direct download sites are total garbage banner ads everywhere and popup galore with slow ass download speeds. Even the big public trackers like 1337x are whack in this regard. Yes obviously use an adblocker which takes care of that problem but if the ~average user goes at this blind they’re gonna end up on some random ass sites from misclicks or get redirected or at best wait way too long for a download or it’s in parts of an archive and they have to wait til tomorrow for another download etc etc.

      Private trackers or bust, always and forever