Subj : Pakistani-based malware e
To : All
From : Mike Powell
Date : Sun Aug 17 2025 10:16 am
Pakistani-based malware empire 'punished' software pirates with infostealers,
earning millions of dollars in just five years - here's how to stay safe
Date:
Sun, 17 Aug 2025 10:27:00 +0000
Description:
Cybercriminals in Pakistan ran a global malware empire using pirated
software, amassing vast profits while exposing victims' data.
FULL STORY
Pakistani-based cybercriminals have been linked to an operation that
distributed infostealer malware disguised as cracked software, amassing
millions of dollars over five years.
Reports from CloudSEK claim the network, traced primarily to Bahawalpur and
Faisalabad, functioned like a multi-level sales model, except that the product
was malicious code.
The group lured victims through search engine optimization poisoning and
forum posts advertising pirated programs such as Adobe After Effects and
Internet Download Manager.
Disposable domains masked the real source of malware
These listings redirected users to malicious WordPress sites, where malware
like Lumma Stealer, Meta Stealer, and AMOS was embedded within
password-protected archives.
The financial backbone of the operation was a pair of Pay-Per-Install (PPI)
networks: InstallBank and SpaxMedia, later rebranded as Installstera.
Affiliates were paid for every successful malware install or download, with
over 5,200 members operating at least 3,500 sites.
The tracked revenue exceeds $4 million, and payments were made primarily
through Payoneer and Bitcoin.
The scale was large, with records showing 449 million clicks and more than
1.88 million installs during the documented period.
The campaign took a turn when the attackers themselves were infected by
infostealer malware, exposing credentials, communications, and backend access
to their own PPI systems.
This leak revealed strong indications of family involvement, with recurring
surnames and shared accounts appearing throughout the infrastructure.
The group shifted strategy over time, moving from install-based tracking in
2020 to download-focused metrics in later years, a change which may have been
aimed at evading detection or adapting to new monetization methods.
Long-running sites proved the most profitable, with a small fraction of
domains generating the majority of installs and revenue.
Disposable domains with short lifespans were also used to distance the
infection source from the final payload delivery.
This highlights the risks of pirated software, which often serves as the
initial delivery method for such malware.

How to stay safe

- Avoid downloading cracked or pirated software, as it is a common method for
  delivering infostealer malware.
- Use legitimate software sources such as official developer websites and
  trusted distribution platforms.
- Keep security suites updated to detect and block known threats before they
  execute.
- Configure a firewall to prevent malicious programs from communicating with
  remote servers.
- Enable multi-factor authentication so stolen passwords alone cannot grant
  account access.
- Monitor bank, email, and online accounts regularly for signs of identity
  theft.
- Back up important data to secure offline or cloud storage to allow recovery
  after an attack.
- Stay informed about emerging cyber threats and suspicious domain activity.
- Be wary of offers that provide expensive software for free, as they often
  carry hidden security risks.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/pakistani-based-malware-empire-punished-software-pirates-with-infostealers-earning-millions-of-dollars-in-just-five-years-heres-how-to-stay-safe
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)