Cryptomining Malware Targets Students With Pirated Textbooks

Security software provider Kaspersky has identified a type of cryptomining malware that has taken root on numerous sites where pirated textbooks are shared and downloaded. The delivery mechanism, WinLNK.Agent.gen, has been active since 2011, but now its payload is a bit more profitable for the people who spread it.

The malware is disguised as a book or paper packed in an executable file, which permits the attacker’s command-and-control framework to send other pieces of malware, such as cryptominers and spam delivery frameworks, onto an infected computer. How do we know the malware is targeting students? Kaspersky examined its logs and saw “233,000 cases” of malicious papers and “122,000 attacks by malware that was disguised as textbooks.”

“More than 30,000 users tried to open these files [this year],” they said.

Downloading out-of-copyright ebooks and library books is simple and safe, so this malware targets harder-to-find reading material.

Our own quick Google search found several ebook adaptations of different beginning college writings that cost $150 or more online. While most of them were PDFs, some executable files were flagged as malware.

Far more pernicious, interestingly, are the advertisements disguised as download links that send you to malware sites instead of the proper PDF or ePub file. While you’ll save money pirating these books online, it’s clear the results can in some cases be dreadful.
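
The disguise described above (an executable or Windows shortcut presented as a book) can be caught before the file is opened by comparing its leading bytes with what its name claims to be. The sketch below is an added example, not code from Kaspersky or this article; the extension lists, verdict strings and sample files are assumptions constructed for illustration.

```python
import os

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 (per MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
EBOOK_EXTS = {".pdf", ".epub"}                    # assumed allow-list
RISKY_EXTS = {".exe", ".scr", ".lnk", ".com", ".bat", ".js"}  # assumed

def sniff(data: bytes) -> str:
    """Identify content by its leading bytes, ignoring the file name."""
    if data.startswith(b"MZ"):
        return "pe"        # Windows executable
    if data.startswith(LNK_MAGIC):
        return "lnk"       # Windows shortcut
    if data.startswith(b"%PDF-"):
        return "pdf"
    # EPUB: a ZIP whose first entry is an uncompressed 'mimetype' file.
    if (data.startswith(b"PK\x03\x04") and data[30:38] == b"mimetype"
            and data[38:58] == b"application/epub+zip"):
        return "epub"
    return "unknown"

def check_download(name: str, data: bytes) -> str:
    """Return a verdict for a file that was advertised as an ebook."""
    stem, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(stem)[1]         # ".pdf" in "x.pdf.exe"
    kind = sniff(data)
    if kind in ("pe", "lnk"):
        return f"block: {kind} content"
    if ext in RISKY_EXTS and inner_ext in EBOOK_EXTS:
        return "block: double extension"
    if ext not in EBOOK_EXTS:
        return "review: not an ebook format"
    if kind != ext.lstrip("."):
        return "review: content does not match extension"
    return "ok"

# Constructed samples: only the header bytes matter for the check.
SAMPLES = {
    "calculus.pdf": b"%PDF-1.7\n",
    "reader.epub": b"PK\x03\x04" + bytes(26) + b"mimetype" + b"application/epub+zip",
    "essay.pdf.exe": b"MZ\x90\x00",
    "notes.pdf.lnk": LNK_MAGIC + bytes(56),
    "chemistry.pdf": b"<html>download page</html>",
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(f"{fname:16} {check_download(fname, blob)}")
```

A header check only shows that a file is not what it claims to be; a PDF or EPUB that passes still needs normal antivirus scanning.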