Date: 2023-06-15

BleepingComputer: hackers learned how to steal cryptocurrency using Windows

Attackers have begun infecting pirated versions of Windows with malware that steals cryptocurrency, BleepingComputer reports.

The problem was brought to the attention of Dr. Web. According to experts, unknown attackers have learned to embed malicious programs in Windows ISO images, and the programs are activated during system installation. The malicious software was found in pirated versions of Microsoft's OS available on torrent sites.

Experts found that the attackers began to hide the malware in the EFI (Extensible Firmware Interface) partition, which is used when installing Windows. “Because standard antivirus tools do not typically scan the EFI partition, malware can potentially bypass protection,” the authors of the report noted.
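A defender's check for this blind spot, as an added example that is not taken from the BleepingComputer or Dr. Web report: it walks an already mounted EFI partition and flags PE files whose header marks them as ordinary Windows programs rather than UEFI images. The mount path, the sample file names and the rule that such files do not belong on the partition are assumptions of this sketch.

```python
import os
import struct
import tempfile

# PE "Subsystem" values that mark UEFI images; 2 and 3 are Windows GUI/console programs.
EFI_SUBSYSTEMS = {10, 11, 12, 13}

def pe_subsystem(path):
    """Return the PE Subsystem field of a file, or None if it is not a PE image."""
    with open(path, "rb") as f:
        dos = f.read(0x40)
        if len(dos) < 0x40 or dos[:2] != b"MZ":
            return None
        (pe_off,) = struct.unpack_from("<I", dos, 0x3C)  # e_lfanew
        f.seek(pe_off)
        hdr = f.read(24 + 70)  # signature + COFF header, optional header up to Subsystem
    if len(hdr) < 24 + 70 or hdr[:4] != b"PE\0\0":
        return None
    return struct.unpack_from("<H", hdr, 24 + 68)[0]

def audit_esp(root):
    """List (relative path, subsystem) for PE files under root that are not UEFI images."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            sub = pe_subsystem(path)
            if sub is not None and sub not in EFI_SUBSYSTEMS:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, sub))
    return sorted(findings)

def fake_pe(subsystem):
    """Constructed sample: header bytes only, just enough for pe_subsystem()."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x80 + 24 + 68, subsystem)
    return bytes(buf)

def demo():
    """Build a constructed ESP-like tree in a temp directory and audit it."""
    samples = {"EFI/Boot/bootx64.efi": fake_pe(10),
               "EFI/Microsoft/Boot/sample_gui.exe": fake_pe(2),
               "EFI/Microsoft/Boot/notes.txt": b"not a PE file"}
    with tempfile.TemporaryDirectory() as esp:
        for rel, data in samples.items():
            full = os.path.join(esp, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        return audit_esp(esp)
```

On Windows the EFI partition can be given a drive letter from an elevated prompt with `mountvol S: /S`, after which `audit_esp("S:\\")` inspects the real partition.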

According to the report, once the program is activated, the malware begins scanning the system clipboard for cryptocurrency wallet addresses. If it detects one, it performs a substitution, replacing the original address with one controlled by the attackers. “Pirated OS downloads should be avoided because they can be dangerous,” said Dr. Web.

In early June, security experts reported the discovery online of new malware called Terminator. According to its creator, the program can bypass any computer protection on Windows.