TROJANIZED IDA PRO TARGETS SECURITY RESEARCHERS

Today, ESET tweeted about a malicious version of IDA Pro 7.5 discovered by Cherepanov that is being distributed online to target security researchers. This IDA installer has been modified to include two malicious DLLs named idahelp.dll and win_fw.dll that will be executed when the program is installed. The win_fw.dll file will create a new task in the Windows Task Scheduler that launches the idahelper.dll program. The idahelper.dll will then connect to the devguardmap[.]org site and download payloads believed to be the NukeSped remote access trojan.
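A defender's check for the persistence and network behaviour described above, as an added example that is not code from ESET or the original article: it scans an exported Task Scheduler XML for actions referencing the DLL names given here, and matches hostnames against the named domain. The sample task, its rundll32 invocation and the install path are constructed assumptions; the article does not say how the task launches the DLL.

```python
import re
import xml.etree.ElementTree as ET

# Indicators named in the article (DLL file names and the download domain, kept defanged).
DLL_NAMES = {"idahelper.dll", "idahelp.dll", "win_fw.dll"}
C2_DOMAIN = "devguardmap[.]org".replace("[.]", ".")
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample export (assumed loader and path), with one benign action for contrast.
SAMPLE_TASK = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec>
      <Command>rundll32.exe</Command>
      <Arguments>"C:\Program Files\IDA Pro 7.5\idahelper.dll",Start</Arguments>
    </Exec>
    <Exec><Command>C:\Windows\System32\defrag.exe</Command><Arguments>-c</Arguments></Exec>
  </Actions>
</Task>"""

def flagged_actions(task_xml):
    """Return (command, arguments, dll) for each Exec action referencing an indicator DLL."""
    hits = []
    for exe in ET.fromstring(task_xml).findall(".//t:Actions/t:Exec", NS):
        cmd = (exe.findtext("t:Command", "", NS) or "").strip()
        args = (exe.findtext("t:Arguments", "", NS) or "").strip()
        # The DLL may be the command itself or an argument passed to a loader.
        for token in re.split(r'[\s",]+', f"{cmd} {args}"):
            name = re.split(r"[\\/]", token)[-1].lower()
            if name in DLL_NAMES:
                hits.append((cmd, args, name))
    return hits

def matches_c2(hostname):
    """True for the domain or any subdomain; accepts defanged '[.]' and a trailing dot."""
    host = hostname.strip().lower().replace("[.]", ".").rstrip(".")
    return host == C2_DOMAIN or host.endswith("." + C2_DOMAIN)

if __name__ == "__main__":
    print(flagged_actions(SAMPLE_TASK))
    print([h for h in ("www.devguardmap.org.", "example.com") if matches_c2(h)])
```

Real task definitions live under `C:\Windows\System32\Tasks` and are usually UTF-16 encoded, so read them as bytes and pass the bytes to the parser.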
Security researchers commonly use IDA to analyze legitimate software for vulnerabilities and malware to determine what malicious behavior it performs. However, as IDA Pro is an expensive application, some researchers download a pirated cracked version instead of purchasing it.

As with any pirated software, there is always the risk of it being tampered with or modified to include malicious executables, which is precisely what ESET researcher Anton Cherepanov discovered in a pirated version of IDA Pro distributed by the Lazarus hacking group.
IDA Pro is an application that converts an executable into assembly language, allowing security researchers and programmers to analyze how a program works and discover potential bugs.
A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a trojanized pirated version of the popular IDA Pro reverse engineering application.