Hackers have long been in the business of spoofing legitimate sites; making exact replicas of popular websites offering a variety of free downloads.
Of course, instead of getting genuinely useful code, you find yourself on the poisoned domain. Rather than the legitimate site, what you download will be malware of one type or another.
The most recently discovered instance of this involves the Smart Game Booster site. It’s a legitimate piece of code that helps to improve the performance of the games you play, and it has become popular enough that it’s caught the attention of at least one hacking group. That group cloned the site and pretends to offer the same product.
In this case though, the malware the hackers deploy is one of the more insidious we’ve seen. Unlike many malware attacks which latch onto a system with a persistent presence, this one runs only once and then deletes itself. Even more alarming is that it leaves no trace that it was ever there.
When it runs, it scans the infected device for passwords, your browser history, any cryptocurrency wallets you may have, and a wide range of other critical files. It collects these and sends all the data to its command and control server, and then self-destructs.
With no outward sign, many users will be completely unaware that there’s a problem until they start seeing suspicious charges on credit cards, noticing funds being removed from bank accounts and the like. By then of course, it’s far too late.
The bottom line here is simple: Be mindful about where you download files from. Check your URLs, and unless you can avoid it, never stray far from the big, well-respected sites like the Apple Store, Microsoft Store, or Google Play Store. It’s just not worth the risk.