“Free” Software, Costly Consequences: AsyncRAT Spreads via CCleaner, AnyDesk, & More
In the realm of cybersecurity, threats are constantly evolving, with malicious actors devising new methods to target users. One of the latest threats is a variant of AsyncRAT, which is actively spreading under the guise of cracked software. Users seeking free access to paid programs become unsuspecting victims of this trojan, unaware that behind the seemingly harmless software lurks a dangerous piece of malware.
According to McAfee’s report, this threat has been spreading since March 2024, infecting numerous devices worldwide. AsyncRAT enables cybercriminals to remotely control compromised computers, steal sensitive information, and gain full control over the device.
One of the most common methods of malware distribution involves disguising it as well-known programs, such as CCleaner, Sidify Music Converter, EaseUS Partition Master, and YouTube Downloader. However, the most notable case involves a counterfeit version of AnyDesk. The malware uses the legitimate AnyDesk file to create the appearance of a genuine application, while the primary attack occurs covertly in the background.
Once the user launches the fake installer, a series of hidden operations takes place: the malicious code modifies system settings, creates exceptions in Windows Defender, and initiates PowerShell to execute concealed commands. During the attack, various files are swapped and executed, allowing the malware to establish itself within the system and continue its operations undetected.
AsyncRAT employs sophisticated code obfuscation techniques, making it difficult to analyze. The malware utilizes encryption and data compression, followed by the downloading of additional components to enhance its capabilities. Among these functions are anti-debugging, covert data transmission, and a persistent connection to a command-and-control server hosted at orostros.mywire.org.
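The behaviours described above (Windows Defender exclusions, concealed PowerShell, and lookups of the command-and-control host) can be hunted for in process-creation and DNS logs. The Python below is an added example, not code from McAfee's report or from this article: the event format, host names, sample log lines and high/low priority rule are constructed, and it assumes exclusions are added with the Add-MpPreference or Set-MpPreference cmdlets and that concealed PowerShell means a hidden window or an encoded command.

```python
import re
from collections import defaultdict

# C2 hostname named in the article; everything else below is constructed.
C2_HOST = "orostros.mywire.org"

RULES = {
    # Assumption: exclusions are added with the Defender cmdlets Add-/Set-MpPreference.
    "defender_exclusion": re.compile(
        r"\b(?:Add|Set)-MpPreference\b.*-Exclusion(?:Path|Process|Extension)\b", re.I),
    # Assumption: "concealed" PowerShell means a hidden window or an encoded command.
    "hidden_powershell": re.compile(
        r"powershell(?:\.exe)?\b.*(?:-w(?:indowstyle)?\s+hidden|\s-e(?:nc(?:odedcommand)?)?\s)", re.I),
}

def classify(event):
    """Return the set of behaviour tags one log event matches."""
    tags = set()
    if event["type"] == "process":
        for tag, rx in RULES.items():
            if rx.search(event["cmdline"]):
                tags.add(tag)
    elif event["type"] == "dns":
        # Normalise case and the trailing root dot before comparing.
        q = event["query"].rstrip(".").lower()
        if q == C2_HOST or q.endswith("." + C2_HOST):
            tags.add("c2_lookup")
    return tags

def triage(events):
    """Group tags per host; two or more distinct tags is 'high' (constructed rule)."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]] |= classify(ev)
    return {h: ("high" if len(t) >= 2 else "low", sorted(t))
            for h, t in per_host.items() if t}

# Constructed sample events (not taken from the McAfee report).
SAMPLE = [
    {"type": "process", "host": "WS-01", "cmdline":
     'powershell.exe -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath C:\\Users\\Public"'},
    {"type": "dns", "host": "WS-01", "query": "OROSTROS.mywire.org."},
    {"type": "process", "host": "WS-02", "cmdline": "powershell.exe -File C:\\Scripts\\backup.ps1"},
    {"type": "dns", "host": "WS-02", "query": "example.org"},
    {"type": "process", "host": "WS-03", "cmdline": "powershell -nop -enc QQBCAEMA"},
]

if __name__ == "__main__":
    for host, (priority, tags) in triage(SAMPLE).items():
        print(host, priority, tags)
```

Correlating per host keeps a lone encoded PowerShell command, which legitimate management tools also produce, at low priority while a host that also adds a Defender exclusion or resolves the C2 name rises to the top.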
The rising prevalence of AsyncRAT and its distribution through pirated software underscore the ever-changing tactics of cybercriminals. By exploiting the allure of “free” software, attackers gain unauthorized access to thousands of computers worldwide.
To protect your data and devices from such threats, it is crucial to use reliable antivirus solutions and avoid downloading suspicious software.