BleepingComputer reports that ongoing intrusions leveraging pirated versions of Microsoft Office have been launched by threat actors to deliver a malware cocktail that includes remote access trojans, malware loaders, and cryptocurrency miners, among others.
Attacks involved luring targets into downloading the cracked software's installer from torrent sites, which when opened enables in-background deployment of a .NET malware that would seek a URL to download additional components, according to an AhnLab Security Intelligence Center report.
Aside from deploying the Orcus RAT malware for data exfiltration, the malware also launches the PureCrypter loader for further payload retrieval and execution, the XMRig cryptominer for Monero mining, the 3Proxy tool for malicious traffic routing, and the AntiAV software for security systems deactivation, with the persistence of such payloads ensured by the "Updater" module, said researchers.
Such a development should prompt users to avoid pirated software and be more vigilant of the sources of downloaded files.
