Have you ever gone to Google to search for Microsoft Office to purchase and returned results that offer the entire Microsoft Office Suite for a one-time purchase of $30? Who could pass up that deal?
Well, you should pass on that deal, but some will not, because it’s human nature to want to save money and to trust Google.
That $30 Microsoft Office purchase is cracked software and likely contains malicious software. The $120 you saved could cost you in identity theft, credential theft, credit card theft, network takeover, data theft, ransom demands, and/or loss of your business.
So why do people still purchase it? Is it a lack of education? Or do they just not care?
In this episode, we discuss how attackers are using a cracked version of CCleaner Pro to install credential-stealing software on victim computers. People are choosing to “steal” the software rather than pay the $30 (currently $20) for CCleaner Pro. The $30 savings is costing them a lot more, so why do people choose to do this?
Here’s the article on Bleeping Computer
People are the weakest link in any cybersecurity plan. We’re distracted, exhausted, and often unmotivated. It’s time to change the approach used to protect our businesses, technology, identity and data. The human element has to be front and center in the war against data breaches and ransomware attacks. It’s time to educate.
Welcome to the Human Element podcast. Visit our website at thehumanelement.net for more content to help you strengthen your awareness of the people problem in cybersecurity. I am Scott Gombar, owner of Washtech, a client-focused, security-minded, proactive IT service provider. Hey, everyone, it’s been a little bit of a while. I apologize; the IT world is insane. A little busy lately. This is episode eight. I may change the title later. But I’m going to call this the Google search problem, for now. We’ll call that a working title. And I’m using an article from Bleeping Computer. It’s one of my favorite sites for news, bleepingcomputer.com. And this one is called “Poisoned CCleaner search results spread information-stealing malware.” Now the issue isn’t really CCleaner. And you’ll understand why once I’m done. I know in the past CCleaner has had malicious or had a vulnerability. I think it’s been a few years now. That vulnerability no longer exists unless, you know, you haven’t updated CCleaner in years. Hopefully, that’s not the case. Because that would be a different set of circumstances, I’m sure. Well, what is going on here is that attackers, malicious actors, are using Google Search to get people to download CCleaner. Now you’re thinking, all right, what does it have to do with the human element? It has a lot to do with the human element, because Google accounts for, I don’t know what the numbers are in 2022, but it’s always been very high. Around 90% of all internet search traffic. Now, it hasn’t changed much. Or maybe it’s gone down to 80%. I don’t really know. You know, the competition for Google, as far as search goes, hasn’t been really much of a competition, though DuckDuckGo has gained a little bit of ground. I think that’s a different topic. And DuckDuckGo now has its own set of issues, because they were actually, you know, DuckDuckGo advertises that they don’t track anything. But that’s not true. They were tracking for Google, or for Microsoft, sorry.
So I’m going to read this article a little bit. And I’m not going to read the whole thing to you. But I will, you know, give you a little bit of what’s in here. So, “Poisoned CCleaner search results spread information-stealing malware.” So if you don’t know, CCleaner is a utility; there’s a free version, there’s a paid version. And then there’s even a cloud version that I actually do have installed on a handful of computers for clients. I don’t really use it that often. But it comes in handy every now and again. And it only costs $2, I think it’s $2 or $2.50 a month, for me to do that. So it’s not a lot of money for my clients. And essentially what it does is it cleans up temp files and browser caches and things like that. It does a few other things. You can do some registry repairs with it. With the cloud version, you can monitor a few things. It’s not, by any stretch of my imagination or anybody’s imagination, part of our primary stack. And I usually just use Disk Cleanup to clean up things like browser cache, but for various reasons, every once in a while CCleaner cloud gets installed. But CCleaner, typically the free version, is installed on people’s computers. IT professionals that are a little less versed in how Windows can do all these same things will usually install CCleaner also. Sometimes it’s just easier to use CCleaner, or if you’re an end-user and you don’t really know how Windows works too well, you might install CCleaner. So somebody got a hold of CCleaner Pro, which is the paid version, cracked it, installed malware, and then is offering a pirated copy. So in other words, pirated copy means I’m getting the software that would normally cost money. I’m not paying anything. And I don’t know what CCleaner Pro costs. I’m not sure; I’m sure it’s not that much money. But, um, nonetheless, it’s being pirated as free software. And so if I search Google, it may come up.
Now, fortunately, for probably most of the people listening to this podcast, this is not really an issue in the US, at least not yet. It has been found in countries... which countries? I saw a list of countries; France was one of them.
No, I can’t find a list of countries, but France, I know for sure. France was one. And there are a few other countries out there that had this as a problem. Oh, here it is: France, Brazil, Indonesia and India are where it’s been found, or where most of the victims have been. All right, so how does it happen? It’s using black hat SEO. So first of all, SEO is short for search engine optimization. And what it means is you prepare your website so that Google and other search engines, like Bing and Yahoo, are able to find your website. That’s called search engine optimization. And there’s a bunch of stuff you do to make that happen. Well, black hat SEO is essentially the same thing, except they do some things that Google kind of frowns on. And I use Google again because Google accounts for roughly 90% of the search traffic. So you may go and search, in the screenshot they have on this article, “CCleaner Pro crack.” And it’ll come up and you download it. You know, there’s the search results, and the first search result here: “CCleaner Pro 6.0.9727 Crack Plus Serial Key 2022 Full Version.” And what you’re doing is, first of all, it’s illegal to download pirated software. So if you’re installing pirated software, you’re breaking the law. But on top of that, you’re taking a huge risk. And we hear all the time about how cracked software also installs malware, and this is no different. So it will install software that’s going to steal passwords from your browser. You know, we just learned recently there is a new activity, I guess is the best word to use, where they’re also stealing credit card information from your browser. So the stuff they’re stealing, here’s a list: account passwords, saved credit cards, and cryptocurrency wallet credentials.
And even further, if you are doing cryptocurrency wallets, if you’re using a cryptocurrency wallet on that computer that you installed the CCleaner Pro cracked version on, it is also used as proxies to steal cryptocurrency market account credentials using a man-in-the-middle attack, which is very hard for victims to detect or realize. In other words, they’re putting their cryptocurrency wallet information, their cryptocurrency address, into your transactions and stealing your cryptocurrency, and you’re not going to pick up on it. The human element, the human component here, is this. Google is used in, let’s say, you know, I’m going to go down to 80%, just to give other search engines some credit. Whether it’s 80 or 90%, it doesn’t really matter. It’s used in the majority of internet searches. We are so reliant on Google search results that we’ll click on whatever comes up first. Now, combine that with the fact that we’re trying to find ways to save... let me just look at what CCleaner Pro costs... but we’re trying to save a few dollars. And so instead of making a purchase of CCleaner Professional, we’re going to try to save a few dollars and download this cracked version, thinking, you know, oh, what’s the harm? The company that makes CCleaner probably makes a ton of money. It’s Piriform, I think. I don’t remember what the company’s name is. But CCleaner Pro is $20 right now. Normally $30, it’s $20 right now. You get $10 off if you go and buy it right now. So $20 for the year. Or I can get it for free. So you’re saving $20 for the year. And it doesn’t just happen with CCleaner. I don’t want to pick on CCleaner; CCleaner is just the latest example. So you want to save a few dollars, you download this crack file, you search for it, you download it, you install it. It’s in a zip file, which again is a red flag, but it’s in a zip file. And the zip file is password protected.
The reason it’s password-protected is that it’s trying to evade the antivirus on your system.
The file inside is called setup.exe or crack setup.exe. But apparently, there are other executables and variations on that name that get installed or could be installed. Both of those things are human nature. The fact that we’d go to Google, search for something and take the first result, that’s human nature. The fact that we’re trying to save $20, which really is not a lot of money in this day and age over one year, that’s human nature. This is the human element. We shouldn’t be trying to do that for whatever software. You’re putting everything at risk when you do this, if you use cracked software of any sort. Microsoft comes to mind; all the time people download cracked versions, and I don’t even know why they do it, because you can still get Windows 10 for free. But they will download Microsoft Windows for free, they will download cracked versions of Microsoft Office, cracked versions of Adobe software. And that may be why a lot of these companies are moving to more of a subscription model, because it’s a little bit harder to do that with subscription models. But it still happens. And there are lots of other examples of doing this, where you download cracked software. You know, I’ve seen attempts at installing cracked antivirus programs, usually defeating the purpose of having the antivirus in the first place. You’re installing something that puts everything at risk. You install cracked software on your system, and everything is now at risk: your personal identity, your financials, your tax information, your social security number, could be your Bitcoin or whatever other cryptocurrencies you might be trading, credit card numbers, or passwords to all your accounts. And I’m going to talk, and we’re going to have another podcast, on passwords again. Because I cannot tell you how many times I have found passwords in browsers as of late. But all of these things are at risk.
Now you risk losing your business, your personal everything, everything, kids’ information, potentially everything. By installing cracked software, just to save a few dollars. You know, let’s say it was Microsoft Office. You can get that, I want to say it’s $12 a month or $10 a month, or $150 one-time purchase, or $100 for the year if you do the subscription-based. It’s not that expensive in the grand scheme of things. And you’re doing all of this because your human nature says, I want to save a few dollars, I could use that $20 or that $100 for something else. Maybe filling up your gas tank; well, not for $20 and up these days. It’s a big mistake. It will cost you so much more than $100 a year for Microsoft Office. It is a big mistake. But it is human nature to want to save a few dollars, or what you think is saving a few dollars. It’s human nature to go ahead and click on Google search results. So now in the example, I used CCleaner cracked. I think it was CCleaner cracked, CCleaner Pro cracked. And that returned the results. But if I just search CCleaner, I’m sure, you know... so the first site that comes up is their ad on Google, which by the way could also be used in these types of attacks. And it has been used in these types of attacks. The second result is their site, and then you have download.sina.com, which is a legitimate site. But how hard would it be for me to rank for that same search result? I don’t know, because I haven’t tried. And black hat methods might work initially. But eventually Google catches up to you and usually just removes your site from the Google search results. But not always, and sometimes it takes some time. So now you have to deal with that.
And it’s very possible that you may end up downloading something you shouldn’t have downloaded. So always download from a reputable site, always purchase from a reputable site or through someone that is trusted in the community. So in other words, if you want to purchase Microsoft Office through Washtech, you know, we’re here to help you with that process. And we do this with our clients all the time. You don’t want to just click on a link in the ad. That’s another one I see all the time, the Microsoft Office for 30 bucks. If it’s 30 bucks, if it seems too good to be true, it’s too good to be true. Nobody could sell Microsoft Office for less than Microsoft does. They will not allow people to do this. If you’re purchasing Microsoft Office for 30... So let’s say if I search Microsoft Office right now. You know, our human nature says here’s an ad, right at the top of the page, this is by Microsoft Office 2021, one-time purchase. And it says it’s... well, it says $141.99. Now that’s still cheaper, it’s $150 from the Microsoft site, is not one that I see here for 110. But this is not, you know, you’re buying something, they’re gonna take your money. And you’re gonna stick around and probably give you a cracked version of the software. And this was an ad, you’re not going to get it for... so I see on the side more Microsoft ads. Here’s one for $30, software licenses free. I’m gonna go to the website and probably even risky behavior there. $30. Microsoft Office 2021 Professional Plus, it’s a site called softwarelicenses dotnet. So I’m going to be the average consumer here and go on Microsoft, I go on Google, I search for Microsoft Office, I need to purchase it. And I see this ad where it’s only $30. What am I going to click on? I didn’t search for Microsoft Office cracked. Chances are that version of Microsoft Office is cracked. It is a digital download.
And you’re going to install it, it’s going to be cracked, it’s going to install other stuff on your system that you don’t want, probably credential-stealing software. That means it’s going to steal credit card info, passwords, bank account, social security number, things like that, whatever it can find. And I just scanned a system today that found a bunch of information that could potentially cost the business $250,000 in mitigation and penalties. So it’s not hard to imagine what a cracked software could come up with. And that doesn’t include passwords and credit card numbers. Or it could include credit card numbers. But anyway, it’s human nature to say, oh, $30, I’m gonna buy that. It happens all the time. Buy it from Microsoft, or from a reputable vendor. If the price seems too good to be true, it’s too good to be true. Walk away from it. You’re only setting yourself up. Again, we’re trusting Google search results. And we’re taking our inclination to want to save a few dollars and applying it to Microsoft Office or whatever other software that’s out there. And it’s going to end up costing us a lot more than the $100 you might have saved. So until next time, stay secure.