"Crack" attacks: Fake apps targeting internet security providers

By Lysa Myers, ESET security researcher

If you’re a regular reader of this blog, you can probably rattle off a list of timeworn, multi-purpose security tips: don’t click unexpected attachments, choose a strong and unique password, back up your data, etc. Among the items on any such list, there are often a lot of tips that stress that you should only use reputable resources, such as reputable anti-malware software, reputable internet services, reputable download sites.

Why the constant emphasis on going to the extra trouble of checking these things?

The fact of the matter is that there are a lot of criminals out there who are pushing counterfeit items as a way to introduce malware onto your machine or to otherwise pilfer your data. Fake anti-malware products in particular and fake apps in general have been a problem for ages, and their prevalence continues to grow. Criminals will try to mimic popular software applications, including anti-malware software like ESET’s, to lure victims.

 

Trying to differentiate between a fake item and the real thing can be tricky for non-expert computer users, and as we’ve seen with phishing, criminals are always looking to improve their tricks in order to fool an increasingly wary public. The best way to avoid the question entirely is just to go to the source and get your software directly from the vendor or from a reputable software dealer.

 

If you’ve downloaded software or a “crack” – especially anti-malware software – from a shady or questionable site, you may be wondering whether you now have malware on your system. The best place to start would be with an online scanner (here’s ours). You can also contact Customer Support (here’s the contact information for ours) if you would like someone to help walk you through the process of verification or submitting a sample for analysis.