It’s well known that downloading apps and other software from unofficial sites, including social media outlets, is risky at best. Yet those who know better still do it for their own reasons, like getting a free download of Windows 11 they would otherwise have to pay for.
Cybersecurity experts warn “free software” often has many strings attached, and none of them good. An infection from Vidar info-stealing malware is an example of just how wrong a free software download can go.
Recently, ThreatLabz found new domains created by a bad actor that spoofed (cloned) the real, official Microsoft Windows 11 portal. Instead of getting the legitimate Windows 11 for free, what you end up with is a Vidar info-stealing malware infection. Vidar lets these bad actors choose which kinds of information to steal; credit card data and passwords are often among those preferences.
ThreatLabz also found that spoofed Windows 11 download sites aren’t the only ones hosting Vidar. They believe the same bad actor is spoofing other legitimate downloads to spread the info-stealer. They located a GitHub arsenal hosting backdoored versions of Adobe Photoshop, another popular and pricey piece of software.
When “FREE” Costs a Bundle
What you also get with a free software download is an epic headache when you find that Vidar spyware has stolen all your personally identifiable information (PII). The potential financial damage and possible case of identity theft are losses that take months to years to unravel and fix.
It's wise to keep the following three tips in mind when tempted by a free software download. Overall, remember that fake or cloned websites are notorious for spreading malware, spyware, and nuisanceware.
- Always make sure the URL is spelled correctly, and look for poor graphics like fuzzy logos and other oddities. Bad grammar and spelling are always the sure sign of a fake site.
- Always download from legitimate sites like Google Play Store and Apple App Store. Although not perfect, they scan all software for malware before making it available. Third-party sites are especially risky as they don’t always scan their products for malware.
- No matter how tempting a free download offer is, remember, hackers love using social engineering tactics to persuade and convince you to take action. So, don’t fall for it.