Intel Name: Distribution of malware disguised as cracked versions of popular software
Date of Scan: June 24, 2025
Impact: Medium
Summary: Cybercriminals are leveraging social media platforms to distribute malware by disguising it as cracked versions of popular software. Victims are lured to download ZIP files containing password-protected 7-Zip archives, with the passwords often displayed in the file names or download pages. These campaigns frequently use non-ASCII characters in file names to evade detection. Previously identified malware from such campaigns includes Lumma Stealer and StealC v2, although newer, yet-to-be-analyzed malware families are also emerging.
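
A triage check for the delivery pattern in the summary, added here as an example and not part of the original report: it flags a downloaded ZIP whose names contain non-ASCII characters or a password hint and which carries a nested 7-Zip archive, recognized by its file signature. The password-hint pattern, the flag names and the sample file names are assumptions constructed for illustration; it does not test whether the 7-Zip archive is actually password-protected.

```python
import io
import re
import zipfile

SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"  # 7-Zip file signature
# Assumed heuristic: a password keyword, a separator, then a short token.
PASSWORD_HINT = re.compile(
    r"(?<![a-z])(?:password|passcode|pass|pwd|pw)[\s_\-:=\[\(]{1,3}[a-z0-9]{3,12}(?![a-z0-9])",
    re.IGNORECASE,
)

def name_flags(name):
    """Flags derived from a file name alone."""
    flags = set()
    if any(ord(ch) > 127 for ch in name):
        flags.add("non_ascii_name")
    if PASSWORD_HINT.search(name):
        flags.add("password_in_name")
    return flags

def triage_zip(outer_name, data):
    """Return sorted flags for a downloaded ZIP: names plus nested 7z members."""
    flags = name_flags(outer_name)
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                flags |= name_flags(info.filename)
                if info.flag_bits & 0x1:  # member is ZIP-encrypted, cannot peek
                    flags.add("encrypted_zip_member")
                    continue
                with zf.open(info) as member:
                    if member.read(len(SEVENZ_MAGIC)) == SEVENZ_MAGIC:
                        flags.add("nested_7z")
    except zipfile.BadZipFile:
        flags.add("not_a_valid_zip")
    return sorted(flags)

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes}; only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: "\u0435" is Cyrillic 'е' standing in for Latin 'e'.
LURE = make_zip({"S\u0435tup_pass-7788.7z": SEVENZ_MAGIC + b"\x00" * 26})
BENIGN = make_zip({"readme.txt": b"release notes", "compass_rose.png": b"\x89PNG"})

if __name__ == "__main__":
    print(triage_zip("PhotoTool_Crack.zip", LURE))
    print(triage_zip("docs.zip", BENIGN))
```

A plain ASCII match on the password keyword misses names where the keyword itself contains a look-alike character, which is why the non-ASCII flag is reported separately.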