A new malware campaign, called Vigilante, has been discovered whose primary purpose is the opposite of most common malware motives. Instead of stealing passwords or extorting victims for ransom, the malware blocks the victim’s computer from visiting software piracy websites.
According to researchers from Sophos, the malware works by making changes to the HOSTS file on the compromised system, which is an effective method of stopping a computer from reaching specific web addresses.
The secondary payload is a ProcessHacker[.]jpg file that performs various additional functions to block the infected system from running the pirated software. It modifies the HOSTS file by asking Windows for privilege elevation.
The attackers have used multiple ways to spread the malware, luring people who visit popular torrent sites to pirate software. The files tend to be lone executable files.
This new Vigilante malware is possibly operated by an individual or a group trying to protect people from using pirated software by blocking their websites. However, making unauthorized modifications to someone’s internal system is still criminal activity. Users are therefore advised to protect themselves by not downloading pirated software and not clicking on links from unknown users.