Key Generating software or Keygens have always been popular with those who preferred to crack shareware programs and use them for free, rather than paying for them!
Well, get ready for a shocker! Here is a keygen with a twist! It steals your software licenses.
Kaspersky recently detected a Trojan dropper which passes itself off as a key generator for Kaspersky Lab products. The file’s name is kaspersky.exe.
Once launched, the file displays a key generator window prompting the user to select a product. After one of the options is selected, the program proceeds to generate a key.
And while the freebie lover is waiting for the result, two pieces of malware that were stealthily installed and launched by the dropper make themselves at home on the PC.
One of these has been detected by Kaspersky Lab as Trojan.MSIL.Agent.aor. It steals registration data for other programs, as well as passwords, mostly for online games.
The Trojan also modifies the ‘hosts’ system file to block access to a number of websites. For example, such websites as virustotal.com and virusscan.jotti.org, which offer file scanning by solutions from many antivirus vendors, become inaccessible.
The second piece of malware installed by the dropper is a typical backdoor which also has keylogger functionality, collecting keystroke data. It is detected as Trojan.Win32.Liac.gfu.