Employees install pirate software despite malware risks


Employees are attempting to download and activate pirate or cracked versions of software and unauthorized installers onto corporate endpoints, according to data from Barracuda’s Security Operations Center (SOC) tools.

Pirate (illegally copied) and cracked (tampered) versions of software often include malicious content and can lead to malware infections, credential theft, cryptominers, session hijacking, software compromise, ransomware and more. Illicit software can’t be patched and updated like legitimate versions, so security gaps remain open.

In the last month, Barracuda’s SOC repeatedly detected three types of suspicious executable file: activate.exe, activate.x86.exe and activate.x64.exe. These are generic filenames, not tied to any specific malware but chosen to sound legitimate and look routine. They are frequently seen in pirated/cracked software bundles, phishing attachments, fake software installers, and more.

The files, which can be big password-protected ZIP files, were being launched manually shortly after browser activity, such as from Chrome or Microsoft Edge, and often via explorer.exe. Pirate/cracked software requires manual interaction to install and activate the program — and by extension the malicious payload. Manual activity related to a software download is therefore a powerful indicator of illegal software.
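The launch pattern described above can be expressed as a simple correlation over endpoint process-creation events. The following is an added example, not Barracuda's detection logic: the event layout, the 15-minute window for "shortly after", and the use of a browser process start as a stand-in for "browser activity" are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

ACTIVATOR_NAMES = {"activate.exe", "activate.x86.exe", "activate.x64.exe"}  # from the article
BROWSERS = {"chrome.exe", "msedge.exe"}  # Chrome and Microsoft Edge process names
WINDOW = timedelta(minutes=15)  # assumption: what counts as "shortly after"

# Constructed sample events: (time, host, user, image, parent image)
SAMPLE_EVENTS = [
    ("2025-01-10T09:00:05", "WS-01", "alice",
     r"C:\Program Files\Google\Chrome\Application\chrome.exe", r"C:\Windows\explorer.exe"),
    ("2025-01-10T09:06:40", "WS-01", "alice",
     r"C:\Users\alice\Downloads\Setup\activate.x64.exe", r"C:\Windows\explorer.exe"),
    # No browser activity seen for this user beforehand
    ("2025-01-10T10:00:00", "WS-02", "bob",
     r"C:\Users\bob\Downloads\activate.exe", r"C:\Windows\explorer.exe"),
    ("2025-01-10T11:00:00", "WS-03", "carol",
     r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe", r"C:\Windows\explorer.exe"),
    # Not started from explorer.exe, so not a manual double-click
    ("2025-01-10T11:02:00", "WS-03", "carol",
     r"C:\Tools\activate.exe", r"C:\Windows\System32\svchost.exe"),
    # Same name in upper case, but hours after the last browser start
    ("2025-01-10T13:00:00", "WS-01", "alice",
     r"C:\Users\alice\Downloads\Setup\ACTIVATE.EXE", r"C:\Windows\explorer.exe"),
]

def exe_name(path):
    return basename(path).lower()

def find_manual_activator_launches(events, window=WINDOW):
    """Flag activate*.exe started from explorer.exe soon after a browser start
    by the same user on the same host."""
    last_browser = {}  # (host, user) -> time of most recent browser start
    hits = []
    for ts, host, user, image, parent in sorted(events):  # ISO times sort correctly
        when = datetime.fromisoformat(ts)
        key = (host.lower(), user.lower())
        if exe_name(image) in BROWSERS:
            last_browser[key] = when
        elif exe_name(image) in ACTIVATOR_NAMES and exe_name(parent) == "explorer.exe":
            seen = last_browser.get(key)
            if seen is not None and when - seen <= window:
                hits.append({"time": ts, "host": host, "user": user, "image": image,
                             "seconds_after_browser": int((when - seen).total_seconds())})
    return hits

if __name__ == "__main__":
    for hit in find_manual_activator_launches(SAMPLE_EVENTS):
        print(hit)
```

Because the filenames are generic, a match is a lead for triage rather than proof of a malicious file; the parent process and timing conditions are what narrow it to the manual-launch behaviour the article describes.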

“Employees downloading free, unofficial or unlicensed software to their company devices represent a major security risk, as they can become the entry points for serious security incidents,” says Laila Mubashar, senior cybersecurity analyst at Barracuda. “Organizations urgently need to put safeguards in place to protect employees from themselves. This should be centered on advanced, 24/7 security solutions, restricted permissions and user education.”

Red flags that software isn’t legitimate include the inclusion of instruction files in the software package (which aren’t seen with automated malware infections) and attempts to bypass license checks.

You can read more, including tips on how to protect corporate devices, on the Barracuda blog.

Image credit: designer491/depositphotos.com