Hackers often tuck malware in pirated movies and software to ensnare new victims. But in an ironic twist, researchers at Sophos have discovered a malware that actually prevents its victims from visiting websites associated with piracy.
The strange malware, which recently appeared on torrent sites and piracy-focused Discord servers, is tucked in bogus file packages for cracked software, games, and more. Whoever designed it is clearly very busy!
But the designer’s techniques aren’t exactly up to date. Andrew Brandt of Sophos says that the malware is crude and functionally identical to malware that he encountered a decade ago. It’s just an executable that edits your HOSTS file to block between 100 and 1,000 sites related to piracy, such as The Pirate Bay.
These executables are disguised as software packages, with names like “Among US V2020 9 24s.exe.” Accompanying files in the package are just nonsense placeholders to make things look legit. In some cases, these placeholders contain thousands of lines of racial slurs to make their file size look more appropriate.
So, was the malware designed by a weird racist who hates piracy? Did a teenager design it just to stir the pot without getting into any real trouble? We don’t know yet, and we may never will. That’s just the way things go sometimes.
All in all, this malware is harmless. You can reverse its effects by opening your HOSTS file to remove all the lines that begin with “127.0.0.1.” If you’ve intentionally dug through HOSTS to block domains in the past, you may want to double-check that those blocks are still there.