Security software provider Kaspersky has identified a form of cryptomining malware that has taken root in multiple sites where pirated textbooks are upload and downloaded. The delivery agent, WinLNK.Agent.gen, has been active since 2011 but now its payload is a bit more lucrative for the folks who spread it.
The malware masquerades as a book or essay packed in an executable file which allows the hacker's command-and-control system to send other pieces of malware, including cryptominers and spam delivery systems, onto an infected computer. How do we know the malware is targeting students? Kaspersky watched its logs and saw "233,000 cases" of malicious essays and "122,000 attacks by malware that was disguised as textbooks."
Downloading out-of-copyright ebooks and library books is quite simple and safe so this malware targets harder-to-find textbooks. Our own quick Google search found a number of ebook versions of various beginning college texts that cost $150 or more online. While most of them were PDFs, there were a number of executable files that were flagged as malware.
Far more pernicious, interestingly, are the ads masquerading as download links that send you to malware sites rather than the correct PDF or ePub file. While you can save money pirating these books online – when you can find them – it's clear the results can sometimes be nasty.
Skull image via Shutterstock
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.