The Computer Emergency Response Team of Ukraine (CERT-UA) has warned about the dangers of downloading pirated software, which may contain malware that can wreak havoc on a system and steal valuable data.
The warning comes after an unnamed Ukrainian organization was compromised through a pirated version of the Microsoft Office 2019 suite downloaded from a torrent website.
According to CERT-UA, the software contained a file named “AUTORUN.exe,” which executed another file (DarkCrystal RAT) and installed Microsoft Office 2019 onto the machine.
DarkCrystal (DCRat) is commercial .NET malware that has been available since 2018. It is designed primarily to steal data from a compromised host. The RAT was being sold on Russian underground forums for an affordable price (starting from less than $6.00, depending on license duration).
Next, DarkCrystal RAT was used to download a trojanized “Windows Update.exe” file (PinkyAgent) onto the compromised system, and that file in turn downloaded the DWAgent remote access tool.