Security software provider Kaspersky has identified a form of malware dedicated to cryptomining that is commonly found in pirated manuals. The delivery agent, WinLNK.Agent.gen, has been active since 2011, but it has recently started to spread again.
The malware masquerades as a book or an essay but is packaged as an executable file, which allows the attacker's command-and-control system to send other pieces of malware. The affected computers are thus easily infected with crypto miners and spam delivery systems.
Kaspersky identified that students are the main target
The program is aimed mainly at students, according to the conclusions of the Kaspersky specialists. By tracking antivirus logs, they discovered
“233,000 cases of malicious essays and 122,000 malware attacks, which were disguised in textbooks.”
“Over 30,000 users have tried to open these files this year,”
they wrote.
Downloading e-books has become quite popular, and malware is generally attached to high-priced textbooks, which can be found on the Internet in pirated versions. For example, college textbooks costing up to $150 can be found online for free, but with malware attached.
More often, though, sites that host pirated e-books and manuals are full of advertisements disguised as download links. Instead of a PDF or EPUB file, visitors most of the time download an executable that infects the computer.
In most cases, an antivirus program will protect users from such malware.
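A defender-side check for the disguised downloads described above, added here as an example and not taken from Kaspersky or the original article: it compares a file's claimed extension with its leading magic bytes. The function names, extension lists and sample bytes are assumptions constructed for illustration, and the shortcut (.lnk) signature is included on the assumption that the WinLNK detection name refers to Windows shortcut files.

```python
import io
import zipfile

# File signatures (magic bytes) at offset 0 of each format.
PDF_MAGIC = b"%PDF-"
ZIP_MAGIC = b"PK\x03\x04"   # EPUB is a ZIP container
PE_MAGIC = b"MZ"            # DOS/PE executable header
# Windows shortcut: header size 0x4C followed by the shell-link CLSID
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
DOCUMENT_EXTS = {".pdf", ".epub"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".lnk", ".bat", ".cmd"}

def sniff(data):
    """Classify content by signature, ignoring the file name entirely."""
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data.startswith(PE_MAGIC):
        return "pe"
    if data.startswith(PDF_MAGIC):
        return "pdf"
    if data.startswith(ZIP_MAGIC):
        try:  # an EPUB declares itself in its "mimetype" entry
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if z.read("mimetype").strip() == b"application/epub+zip":
                    return "epub"
        except (zipfile.BadZipFile, KeyError):
            pass
        return "zip"
    return "unknown"

def check_download(filename, data):
    """Return a list of findings; an empty list means nothing suspicious."""
    exts = ["." + part for part in filename.lower().split(".")[1:]]
    kind = sniff(data)
    findings = []
    if kind in ("pe", "lnk"):
        findings.append(f"content is {kind}, not a document")
    if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DOCUMENT_EXTS:
        findings.append("double extension hides an executable type")
    if exts and exts[-1] in DOCUMENT_EXTS and kind != exts[-1][1:]:
        findings.append(f"extension {exts[-1]} does not match content ({kind})")
    return findings

if __name__ == "__main__":
    # Constructed sample inputs: headers only, not real files.
    samples = {"calculus.pdf": b"%PDF-1.7\n", "essay.pdf.exe": b"MZ\x90\x00",
               "notes.epub": LNK_MAGIC + b"\x00" * 56}
    for name, data in samples.items():
        print(name, check_download(name, data) or "ok")
```

A clean result only means the extension and signature agree; it does not show that the document itself is benign.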