Windows users have been cautioned that saving large files on their computers could damage SSD drives and corrupt data. Now, there’s an additional warning — installing free games may lead to even more severe repercussions as hackers strike once more.
This involves pirated games and a finding by a Trellix researcher that a complex network of redirects during the download of a free match installs harmful malware that can take control of your PC, disable security software, and introduce malicious software.
The researcher concentrated on Dodi Repacks, which is known for “distributing pirated games” and is marked as safe/trusted on several piracy forums. When attempting to download “the latest game uploaded to the site,” numerous redirects ultimately lead to a ZIP file.
This archive contained a .dll file that was “over half a gigabyte in size — a typical strategy used by threat actors to deter users from uploading their files to online scanners and sandboxes, as most have a size restriction.”
However, the file contained a call “that definitely should not exist,” which turned out to be a malicious function executing scripts on the PC to install the aptly named HijackLoader malware. This also circumvents standard antivirus software as necessary.
Also Read: http://Stop Playing These Free PC Games – Microsoft Windows Warning
“It’s important to note that all of this happened with the adblocker uBlock Origin installed,” Trellix states, “so the frequently repeated assertion on piracy forums that ‘as long as you have an adblocker installed, you’ll be safe when downloading pirated software’ is untrue.”
According to CyberPress, engaging with these pirated downloads carries risks, as “HijackLoader employs advanced anti-analysis and anti-debug techniques:
It inspects hypervisors and vendor IDs to detect virtual machines.
It assesses RAM and processor counts to avoid sandboxes.
It verifies system artifacts such as usernames and computer names.”
If the malware passes these checks, “the loader secures persistence by altering environment variables, duplicating components to %APPDATA%, and executing the payload using custom mutex logic.”
