A piece of malware is spreading across the internet that doesn’t behave like your usual suspects. Strangely, this malware acts as a vigilante of sorts as the software prevents your system from accessing sites known for redistributing pirated data. BleepingComputer and Sophos News first reported on the malware.
When run, the program modifies your computer’s HOSTS file and fills it with a ton of sites, specifically known for doing illegal activity, and redirects those sites to your localhost IP address of 127.0.0.1, which goes nowhere – that is the address of your PC.
The malware will also connect to a remote host when ran, telling the attacker your system’s IP address, which could be used for future attacks.
You can find this malware lurking around on game chart services from Discord, as well as through BitTorrent URLs. Ironically, the software tries to hide its true functionality by looking like a piece of pirated or torrent software. Some files downloaded with the malware point back to the Pirate Bay’s main website.
We don’t know what the exact intentions of the creator were, however, it is a very crude method of “protecting” people from pirating on the internet or protecting people from malware.
A much better practice would be to install a good anti-virus that checks your internet security for threats, to stay protected, as well as being sure to practice safe browsing and, of course, not download anything illegally.