We at Tom's Guide have long stressed that if you want software, buy it. It's a lot cheaper than having your online credentials stolen.
A new piece of malware called CopperStealer is lurking in "cracked" software downloads available on pirated content sites, and it can compromise login information for services such as Amazon, Apple, Facebook, and Google.
This information comes courtesy of Proofpoint, a security firm based in Sunnyvale, Calif. In a blog post yesterday (March 19), a Proofpoint employee detailed the CopperStealer investigation, including how it is distributed and what it does.
Notably, CopperStealer operates on the same basic principles as SilentFade, the malware that trashed Facebook accounts in 2019.
First of all, if you don't want CopperStealer to infect your computer, don't download items from cracked software or keygen sites. That's really all there is to it.
CopperStealer seems to target people only through popular keygen and software crack download sites, so users who purchase software through legitimate (or gray market) means are not at risk.
If you are one of the unfortunate thieves who have fallen for CopperStealer, there is still hope: CopperStealer is not particularly sophisticated malware and can be quickly eliminated by the best anti-virus programs.
However, almost all of your online passwords need to be changed, especially if you tend to reuse passwords for multiple sites.
Tom's Guide also recommends enabling two-factor authentication (2FA) on online accounts that offer it. While it is possible for a very dedicated cybercriminal to circumvent this, 2FA is at least a second line of defense in the event that a password is stolen. This should give you enough time to change your password before things get really bad.
Here's how CopperStealer works. First, users in need of money visit a well-known cracked software or keygen site. Then, they try to download the cracked software or keygen program.
("Keygen" stands for "key generation." Most legitimate paid software requires a product key to run. If you can create a convincing fake key, it can often be used just like the real thing.)
However, instead of (or in addition to) Windows 10 or Photoshop, the user gets CopperStealer.
The program runs in the background and scans web browsers for login information and user access tokens, but Safari does not appear to be a possible target.
Proofpoint has not provided an exhaustive list of login information that CopperStealer can discover. However, Apple, Amazon, Bing, Google, PayPal, Tumblr, and Twitter accounts are all compromised, as is Facebook.
Since most of these services have payment options, it would not take a particularly devious criminal to steal credit card information or make at least some illicit purchases. (There is also a 2FA option that protects your account even if your password is stolen.)
CopperStealer has one more nasty trick: a "downloader" feature that installs additional malware without the user's knowledge. The usual choices include keyloggers, ransomware, viruses, and programs that turn the PC into a botnet for cryptocurrency mining.
The good news is that Proofpoint has worked with Cloudflare, which provides network and security services to hundreds of major websites, to block the flow of CopperStealer malware.
But in the meantime, don't feel too safe with cracked software sites. Security firms and cybercriminals are in a constant arms race, and the next ubiquitous method of malware distribution is probably just around the corner.