Russian Hackers 'Trojanize' Torrents Online, Can Remain 'Invisible' For Long Time

Downloading cracked software can be dangerous because it could contain malicious codes from criminals and Russian agencies, Ukraine's cyber defense authority has warned.

These infected packages are the results of hackers' attempts to "trojanize" optical image discs, more commonly known as ISOs, as well as other installation files, the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) said, referring to the process of disguising malware as a regular file.

Hackers then upload these to torrent trackers for anyone to freely obtain, the agency said in a statement released Sunday.

"When a victim has such files downloaded and installed on their device, hackers gain access to the device's storage, while staying invisible for a long time," the SSSCIP said.

The use of cracked operating systems is "especially dangerous," according to the service, "as cybercriminals have full administrator access to any device such a system is installed on."

Systems administrators working for organizations and companies of various forms in many post-Soviet Union countries supposedly still use unlicensed software, including operating systems that were shared via torrent tracks.

Ordinary users in Ukraine are also at risk when installing unlicensed software from unofficial sources, particularly torrents, according to the SSSCIP.

"By installing a copy of cracked software from a torrent, they actually give Russian special agencies access to their workstations' drives," the agency said.

Ukraine was largely able to fight off Russian cyberattacks that were launched during the first year of Russia's invasion, Politico reported.

However, "Russian actors may seek to expand their targeting of military and humanitarian supply chains by pursuing destructive attacks beyond Ukraine" should Russia suffer more setbacks on the battlefield, Microsoft said in a recent intelligence report.

Google's Threat Analysis Group said that it had "high confidence" that Russia would "increase disruptive and destructive attacks" this year if the war shifts "fundamentally" in Ukraine's favor.

Meanwhile, cyber threat intelligence firm Recorded Future predicted that Russian cybercriminals will "almost likely" support Russia's next big military push against Ukraine, Politico reported last month.

"We're entering a new phase of the war. Despite all of the successes that defenders have had with stopping Russian cyberattacks, the GRU is very persistent," Gabby Roncone, a technical threat intelligence analyst at the Google-owned cybersecurity firm Mandiant, said.

"We're just sort of bracing for what comes next and hoping that we can help," she added.

The GRU, officially known as the Main Directorate of the General Staff of the Russian Armed Forces, is reputedly Russia's largest foreign-intelligence agency.