The Russian company F.A.C.C.T., a developer of technologies for combating cybercrime, discovered a network of sites where you could download antiviruses, programs for working with photos and videos, office applications, programs for design, modeling and other needs from software manufacturers that no longer operate in the country. There turned out to be 1316 such resources. When a user tried to download from there, for example, an illegal version of the popular American program for industrial design, engineering and construction AutoCAD, he also downloaded malicious files with it. These are spyware programs, stealer malware [steal cookies, logins and passwords, screenshots from the desktop, data from work accounts, information about the connection and the device from the device, — editor's note.], or cryptominers.

With the departure of foreign vendors and the disappearance of some popular licensed programs from the legal field, Russian users and administrators have begun to resort more often to searching for workarounds, including the use of "cracks" and other illegal activation methods. Observing such demand, attackers are actively creating sites where users download malware instead of the program, and actively promote them on popular resources.

Yaroslav Kargalev, Head of the Cyber Security Center of F.A.С.С.T.

Attackers posted links to download hacked versions on popular Russian social networks, video hosting sites and educational platforms. The promise to receive unlicensed familiar software along with activation keys or activators has been "pecked" by a number of companies across the country since the end of 2023.

F.A.C.C.T. experts recommend that enterprises train their employees in the basics of information security and regularly improve their skills in this area. It is also important to develop a mandatory corporate IT policy. This policy, in particular, should prescribe:

a list of programs allowed for use in the infrastructure. At the same time, it should be strictly forbidden to use everything that is not allowed;
a ban on ordinary employees independently installing programs on a working device;
activation of multi-factor authentication in the company's system;
a comprehensive approach that protects against various cyberattack vectors through protective solutions of various types;
regularly check for leaks of corporate users' accounts, their publication or sale on shadow sites.

Security officials remind ordinary users: you should not follow dubious links on the Web. In addition, you should always make sure that the software you want to download is downloaded and updated from trusted sources.

The risks of continuing to use foreign software in Russia from developers who have left the Russian market have been mentioned more than once. In particular, Dmitry Khomutov, CEO of Ideco, a developer of information security tools, noted at the end of 2023 that such software cannot only be updated in a timely manner, but also serviced in a timely manner. This creates risks for both companies and their clients, and provides fertile ground for hackers.

At the same time, according to Khomutov, some companies are taking this risk consciously. Officially, they purchase import-substituting Russian software, and unofficially, they use more familiar foreign programs in their work.