
Pirate Chick

Posted: May 15, 2019

A new piece of malware named Pirate Chick is on the loose. The threat comes bundled with other applications in the form of a VPN software installer, but a lot more comes with the alleged VPN program. Pirate Chick has a dedicated website where users can download an official installer. Somewhat surprisingly, Pirate Chick's executable files even carry digital certificates that come up as valid and signed by an entity called ATX International Limited.

In reality, Pirate Chick is a Trojan that poses as a legitimate VPN program. Once installed and run, it connects to a remote server, then quietly downloads and installs a threatening payload on the victim's system. The payload first gets dropped in the system's temporary folder and is then executed. Researchers discovered that, until recently, Pirate Chick would drop AZORult, a Trojan that collects passwords. At the moment the payload is simply a process monitor, but researchers suspect this is just a pause in the malware's operation while the actors behind it get ready to rotate into a new campaign.

The installer checks the running processes against an array of strings containing process names, and if it finds one of those processes running on the system, it skips installing the actual payload. The installer also checks whether it is running in a virtual environment, which it treats as another red flag against dropping the payload. The payload is downloaded as a plain text file, which is then decoded from base64 into an executable. This all happens before the user sees the first screen of the VPN software's installation wizard.
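For defenders, the delivery step described above (a plain text download that base64-decodes into an executable) can be checked for directly. The following is an added example, not code from the original article or from the malware; the function names are hypothetical and the sample input is constructed rather than taken from Pirate Chick.

```python
import base64
import binascii
import struct
from typing import Optional


def decode_candidate(text: str) -> Optional[bytes]:
    """Strictly base64-decode a text body; return None if it is not base64."""
    compact = "".join(text.split())  # tolerate line-wrapped base64
    # A 64-byte DOS header alone encodes to 88 characters.
    if len(compact) < 88 or len(compact) % 4:
        return None
    try:
        return base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return None


def is_pe_image(data: bytes) -> bool:
    """Check the DOS 'MZ' magic and the PE signature that e_lfanew points to."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def text_hides_executable(text: str) -> bool:
    """True when a 'text' download decodes from base64 into a Windows PE file."""
    decoded = decode_candidate(text)
    return decoded is not None and is_pe_image(decoded)


def constructed_sample() -> str:
    """Constructed input: a bare DOS header plus PE signature, base64-wrapped."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    stub = bytes(header) + b"PE\x00\x00" + bytes(20)
    return base64.encodebytes(stub).decode()


if __name__ == "__main__":
    print(text_hides_executable(constructed_sample()))
    print(text_hides_executable("plain readme text, nothing encoded here"))
```

A check like this fits on a web proxy or in a sandbox that inspects files saved to the temporary folder, where a text response that decodes to a PE image is worth flagging regardless of what the payload currently is.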

Pirate Chick is commonly distributed using the most widespread method for similar malware - bundle installers, including free software bundles with malware piggy-backing on them and fake Adobe Flash installers. Again, as the researchers point out, at the moment Pirate Chick downloads a process monitor - a harmless tool, but one that can be swapped for a real threat at any time. Regardless of what is being downloaded, no software should quietly connect to the Internet and download undisclosed, unrelated additional files, so this behavior alone should be enough of a red flag.

To stay safe from threats similar to Pirate Chick, the best approach is to keep a fully-featured, updated anti-malware solution on your system.
