Numerous info-stealer malware distribution campaigns leveraging pirated software, SEO poisoning, and malvertising have been underway, with threat actors using cracked versions of Adobe Acrobat Pro, 7-Data Recovery Suite, 3DMark, 3DVista Virtual Tour Pro, Wondershare Dr. Fone, and MAGIX Sound Force Pro as lures, BleepingComputer
Zscaler researchers discovered that many of the campaigns involved the use of malicious executables purporting to be software installers, which redirect targets to fake shareware websites including allcracks[.]org, deepprostore[.]com, getmacos[.]org, prolicensekeys[.]com, steamunlocked[.]one, and xproductkey[.]com.
The report noted that the files downloaded from these sites are archives containing a 1.3MB password-protected ZIP file and a TXT file holding the password. A malware loader inside the ZIP then deploys RedLine Stealer, information-stealing malware capable of exfiltrating web browser-stored passwords, credit card data, cookies, VPN credentials, and cryptocurrency files and wallets.
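The delivery pattern described above (a small password-protected ZIP shipped alongside a TXT file that carries the password) is easy to check for during triage of downloads. The following is an added example, not code from the report or from Zscaler: a hypothetical helper that inspects an outer ZIP for an inner encrypted ZIP plus a small password text file. The sample archive it builds is constructed here for illustration; its encryption flag is set by patching header bits, so it contains no real encrypted data, and the member names are placeholders.

```python
import io
import zipfile

# Hypothetical triage helper (added example, not from the report): flags an
# archive matching the lure pattern of a small password-protected ZIP bundled
# with a TXT file that carries the password.

_ENCRYPTED_FLAG = 0x1                     # general-purpose bit 0 in ZIP headers
_MAX_INNER_ZIP_BYTES = 5 * 1024 * 1024    # assumed bound; the report cites 1.3MB


def inner_zip_is_encrypted(zip_bytes: bytes) -> bool:
    """True if any member of the given ZIP has the encryption flag set."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return any(info.flag_bits & _ENCRYPTED_FLAG for info in zf.infolist())
    except zipfile.BadZipFile:
        return False


def triage_outer_archive(outer_bytes: bytes) -> dict:
    """Inspect an outer ZIP for the (encrypted .zip + password .txt) pattern."""
    result = {"encrypted_zip": None, "password_txt": None, "matches_lure": False}
    with zipfile.ZipFile(io.BytesIO(outer_bytes)) as outer:
        for info in outer.infolist():
            name = info.filename.lower()
            if name.endswith(".zip") and info.file_size <= _MAX_INNER_ZIP_BYTES:
                if inner_zip_is_encrypted(outer.read(info)):
                    result["encrypted_zip"] = info.filename
            elif name.endswith(".txt") and info.file_size < 512:
                text = outer.read(info).decode("utf-8", errors="replace").lower()
                if "password" in text or "pass" in text:
                    result["password_txt"] = info.filename
    result["matches_lure"] = bool(result["encrypted_zip"] and result["password_txt"])
    return result


def _set_encryption_flag(zip_bytes: bytes) -> bytes:
    """Constructed test data only: mark every entry as encrypted by setting
    general-purpose bit 0 in each local (offset 6) and central (offset 8)
    header. No real encryption is applied."""
    buf = bytearray(zip_bytes)
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = buf.find(sig)
        while pos != -1:
            buf[pos + off] |= _ENCRYPTED_FLAG
            pos = buf.find(sig, pos + 4)
    return bytes(buf)


def build_constructed_sample() -> bytes:
    """Constructed archive mimicking the lure layout (names are placeholders)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("setup.exe", b"MZ placeholder, not a real binary")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("Installer_crack.zip", _set_encryption_flag(inner.getvalue()))
        zf.writestr("Password.txt", "Password: 1234\n")
    return outer.getvalue()


def build_benign_sample() -> bytes:
    """Constructed archive with an unencrypted ZIP and an ordinary README."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("notes.md", b"hello")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("docs.zip", inner.getvalue())
        zf.writestr("README.txt", "Read me first\n")
    return outer.getvalue()


if __name__ == "__main__":
    print(triage_outer_archive(build_constructed_sample()))
    print(triage_outer_archive(build_benign_sample()))
```

The check is a heuristic: it looks only at ZIP metadata (the encryption bit in the headers) and at the text of small TXT members, so it never needs the password and never extracts the inner payload. An outer archive in another format (RAR, 7z) would need a different reader, and the size bound is an assumption chosen for the example.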
Aside from deploying RedLine Stealer, the attackers have in some cases also deployed the RecordBreaker stealer malware and used the Themida obfuscation tool.