Xtreme RAT and Cryptominer delivered in pirated Windows Operating System

The Threat Response Unit (TRU) team of eSentire identified pirated Windows Operating System (OS) backdoored with CryptoMiner and Xtreme RAT. The TRU found that there were several malicious Windows services on the system which modified system permissions, disabled Windows defenders, and retrieved payloads from msz[.]su. According to the team, this behavior is identical to the one prescribed by Minerva Labs in mid-2021, which introduced ways to bypass Windows defender. The Security Operations Center (SOC) alarmed the customers of the malicious endpoint activity and offered suggestions for remediation and further forensic investigation.