James Delahunty
12 Nov 2013 4:56
A Warez group has been exposed for collecting information on pirates who downloaded cracked software they released.
The group, "MeGaHeRTZ", has allegedly been including malicious elements in its cracks for popular software, including SmartFTP, DVDFab, FlashFXP, Incredimail, Traktor and BurnAware Professional.
Somebody noticed unusual firewall activity with a cracked version of Malwarebytes Anti-Malware Pro and investigated further, finding that the software had been e-mailing information back to a number of addresses, all of which have account names containing some variation of the MeGaHeRTZ group name.
The information it sent back included the username, computer/drive serial from the Windows API, and the host machine's IP address.
All software they released has since been "nuked", but it's all out there now.
Cracked software containing malware is nothing new, but it's very rare that the malware is added by the originating group. Typically the malware is added later and spread on P2P networks, file-sharing forums or BitTorrent trackers.