Daily News Roundup: Malware in Pirated Software

Researchers at ESET and Malwarebytes have discovered crypto mining malware hidden in pirated music production software. The pirated software loads the malware in an emulated copy of Linux and can infect Windows, Linux, and even MacOS.

Downloading pirated software is generally a bad thing to do. Not only does it deprive developers of earnings for their hard work, but you may also put yourself at risk in the process. Case in point: researchers at ESET and Malwarebytes recently published findings on malware they’ve dubbed Loud Miner and Bird Miner, respectively.

From what we can tell, they’re looking at the same malware, as nearly all details line up. The companies found crypto miners hidden in pirated copies of music production software known as Ableton Live.

Ableton Live is high-end audio software and is known to be, out of necessity, processor intensive to use. That fact makes it a perfect target for the malware developers, as they can surmise that anyone who wants the software will have powerful processors (useful for crypto mining), and may write off the heavy processor use from mining as the audio software doing its job. The developers of the malware took novel steps to both infect as many people as possible and hide their true intentions.

The software creates an emulated copy of Linux, known as TinyCore, to run from, allowing it to work across Windows, Linux, and Mac. Before it begins mining, it checks processor usage. If it detects 85% or more of the CPU in use, it waits to mine until more resources are available. The software also closes if certain tools that may reveal it, like Activity Monitor, are running.

Malwarebytes already updated its software to detect Bird Miner, for anyone worried about infection. [TechRadar]

In Other News:

  • Apple launches a voluntary recall of some MacBooks: 15-inch MacBook Pros from mid-2015 are overheating. Drastically enough, Apple felt the need to do a recall. You can check Apple’s recall site to see if the recall includes your MacBook; if it does, you’ll get a new battery. Now if only Apple would recall its keyboards and replace them with something good. [9to5Mac]

  • Canada’s largest credit union just revealed a massive breach: Desjardins, Canada’s largest credit union, revealed an employee leaked the personal information of 2.7 million people and over 170,000 businesses. The bank fired the employee and is offering monitoring services to everyone impacted. They say you shouldn’t stash cash in a mattress, but sometimes it sounds tempting. [ZDNet]

  • Google is exiting the tablet business: The lead engineer for Google’s hardware division has confirmed the company no longer plans to make tablets. The decision included canceling two projects already in the works. If we’re honest, there’s no great Android out there, and the OS is half the problem. So losing Google tablets isn’t a huge loss. Other manufacturers will still fill in the gap anyway. [Ars Technica]

  • Windows 10 will tell you if the May 2019 Update is blocked: With any significant Windows 10 update, Microsoft likes to scan your PC for potential known problems with the update. If it finds a match, it blocks the update to prevent issues. That’s good, but until now you were told “no update available” which is slightly misleading. You may have thought the May 2019 Update wasn’t released. Now Windows will tell you that it’s blocked and give you a link to why. Good stuff. [TechRadar]

  • Esports comes back to the X Games: The X Games stopped hosting esports about three years ago. Now they’re returning, and the first game to be featured is rising battle royale star Apex Legends. The prize pot is over $150,000, and qualifiers are on June 29th, so get your team together quickly. My first pick is Wraith, but I’ll settle for Bangalore. [Engadget]

  • Google Maps is filled with fake businesses: Google Maps is an easy place to check for a local plumber, electrician, or car repair shop. Unfortunately, many of these businesses are fake and lead to competitors, or are people posing as other businesses. It’s always a good idea to check more than one source when you need to find a repair service, especially one you invite into your home. And if you find a fake business, you should report it to Google. [The Verge]

  • A survey indicates the Tesla Autopilot name may lead to overconfidence in the tech: The Insurance Institute for Highway Safety (IIHS) did a survey asking people how safe they felt using self-driving features like taking hands off the wheel, talking on the phone or sleeping. The study gave participants the names of several competing technologies (Autopilot, Supercruise, etc.) but no manufacturer names or explanations of capabilities. Autopilot scored much higher in trust even in actions it’s clearly not designed for, like napping, which is disconcerting. What’s in a name exactly? [IIHS]

You may have seen the news that smartphone users are growing a skull horn in the back of their head. The research comes from a chiropractor and an associate professor of biomechanics who have studied abnormally large bony structures in the base of some people’s skulls.

While the study hypothesized that the cause was bad posture from staring at smartphones and tablets, it failed to do several things to establish that theory.

For instance, the study focused solely on people who were already visiting chiropractors due to severe pain, likely increasing the sample set of people with strange bone growth. It also didn’t control for people who did and didn’t use smartphones, meaning it has nothing to compare the data to at all.

Proper research needs large sample sets, with controls, and correlating data. Even with all of that in place, mistakes happen, and studies can and do draw incorrect conclusions, which is why we also repeat research to reproduce results.

So if you’re worried (or hopeful) your curled up smartphone posture might cause you to grow a horn, you can stop. But maybe sit straight anyway, you’re gonna throw your back out. And if you don’t stop crossing your eyes, they’re going to get stuck that way. [Gizmodo]

Translated from: https://www.howtogeek.com/fyi/daily-news-roundup-malware-in-your-pirated-software/