The ASEC analysis team has previously dealt with BeamWinHTTP malware being distributed through adware and PUP programs. When users install cracks and keygens by downloading the installers from the phishing page, various PUP programs and BeamWinHTTP malware are installed together. BeamWinHTTP additionally installs info-leaking malware (info-stealers).
When users search with keywords like ‘program names,’ ‘cracks,’ and ‘keygens’ in a search engine like Google, they may come across websites with fake shortened URLs. In the example below, the short URL is ‘hxxps://imgfil[.]com,’ and ‘hxxps://blltly[.]com’ was found in another instance. It is deemed that ‘imgfil[.]com’ is an imitation of https://imgflip.com while ‘blltly[.]com’ is an imitation of https://bitly.com.