"Hackers Backdoor Pirated Windows OS With Cryptominer and Xtreme RAT"

Security researchers at eSentire's Threat Response Unit (TRU) have found Xtreme RAT and a cryptominer being delivered through pirated copies of the Windows operating system (OS). The researchers noted that several malicious Windows services on the infected system were responsible for modifying system permissions, disabling Windows Defender, and retrieving payloads from a malicious URL. According to the researchers, the threat actors' behavior was identical to what Minerva Labs described in mid-2021, including Xtreme RAT gaining persistence on the host by creating new services; two of these were reportedly named "Registration for device management" and "Previous Versions Library." The researchers observed several instances of this threat between late 2021 and early 2022, in each case on systems suspected of running pirated versions of Microsoft's Windows OS. As for the motive, the researchers said it is likely financial: the backdoored OS ships with the tools needed to monetize infected systems, since a cryptominer, a RAT, and adware each offer a way to profit from compromised hosts through abuse of system resources, fraud, advertisements, and so on.
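A host-level hunt for the indicators in this summary, added here as an example; it is not eSentire's or the article's code. It lists any installed service whose name matches the two reported names, reviews recent service-installation events (System log, Event ID 7045) so persistence via new services is visible even if the service was later renamed or removed, and reports whether Windows Defender has been turned off. Assumption: the write-up does not say whether the reported strings are service names or display names, so both are matched; the 90-day window is an arbitrary default.

```powershell
# Added hunt script (not from eSentire or the article). Checks a Windows host for the
# indicators described above. Assumption: the two reported strings are matched against
# both the service Name and DisplayName, since the summary does not say which they are.
#Requires -RunAsAdministrator

$SuspectNames = @('Registration for device management', 'Previous Versions Library')

function Find-SuspectServices {
    # Installed services whose name or display name matches one of the reported names.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { ($SuspectNames -contains $_.Name) -or ($SuspectNames -contains $_.DisplayName) } |
        Select-Object Name, DisplayName, State, StartMode, StartName, PathName
}

function Get-RecentServiceInstalls {
    param([int]$Days = 90)
    # Event ID 7045 (Service Control Manager, System log) is written for every new service
    # installation, so service-based persistence leaves a record here even if the
    # service was later renamed or deleted.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7045
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Time        = $_.TimeCreated
            ServiceName = $_.Properties[0].Value   # %1 of the 7045 template: Service Name
            ImagePath   = $_.Properties[1].Value   # %2: Service File Name
            StartType   = $_.Properties[3].Value   # %4: Service Start Type
            Account     = $_.Properties[4].Value   # %5: Service Account
            Suspect     = $SuspectNames -contains $_.Properties[0].Value
        }
    }
}

function Get-DefenderState {
    # Disabling Defender shows up as real-time protection turned off and/or the
    # DisableAntiSpyware policy value set to 1.
    $status = Get-MpComputerStatus -ErrorAction SilentlyContinue
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
    $rtp = $null; $av = $null
    if ($status) { $rtp = $status.RealTimeProtectionEnabled; $av = $status.AntivirusEnabled }
    [pscustomobject]@{
        RealTimeProtectionEnabled = $rtp
        AntivirusEnabled          = $av
        DisableAntiSpywarePolicy  = $policy.DisableAntiSpyware   # $null when the value is absent
        LooksTampered             = ($rtp -eq $false) -or ($policy.DisableAntiSpyware -eq 1)
    }
}

'== Services matching the reported names =='
Find-SuspectServices | Format-Table -AutoSize

'== Services installed in the last 90 days (event 7045) =='
Get-RecentServiceInstalls | Sort-Object Time | Format-Table -AutoSize

'== Windows Defender state =='
Get-DefenderState | Format-List
```

Save it as a .ps1 file and run it from an elevated PowerShell session. The name match is the weakest of the three checks, since an operator can change service names between campaigns; the 7045 review is the more robust one, and any entry whose ImagePath points outside the usual system and program directories, or runs a script interpreter, deserves a look regardless of its name. The Defender cmdlets are absent on editions without Defender, which is why those calls use -ErrorAction SilentlyContinue.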
Infosecurity reports: "Hackers Backdoor Pirated Windows OS With Cryptominer and Xtreme RAT"
