How A Pakistan Malware Made $3 Million Infecting 2 Million Users: Report

CloudSEK has uncovered a Pakistan-based family-run malware network using pirated software to infect millions globally, generating millions in revenue. Here is what has happened.

Published By: Divya | Published: Aug 15, 2025, 01:58 PM (IST)

Cybersecurity firm CloudSEK has exposed what it calls one of the largest and most profitable malware delivery operations in recent years, and it’s being run from Pakistan. The network, allegedly operated by individuals linked through family ties in Bahawalpur and Faisalabad, is accused of using pirated software as bait to infect millions of devices worldwide.

The syndicate’s approach was simple but highly effective. They took cracked versions of in-demand software like Adobe After Effects and Internet Download Manager, hid malware such as Lumma Stealer, Meta Stealer, and AMOS inside password-protected files, and spread them through malicious WordPress sites, the report added. To get more victims, they relied on SEO poisoning, forum spam, and even paid ads, blending their activity into normal web traffic to avoid suspicion.

Who is Affected?

CloudSEK’s investigation found that the network had 5,239 registered affiliates running nearly 3,900 malware-hosting sites. Together, these generated 449 million clicks and over 1.88 million installs. The estimated revenue? Around $4.67 million, though the actual figure could be higher due to untracked payments. Most affiliates were paid either through Payoneer (about 67%) or Bitcoin (around 31%), with the top few taking home almost half of the total earnings.

And then came the unexpected twist! They got a taste of their own medicine. An infostealer malware hit their systems, leaking everything from login credentials and payment records to the links connecting their people, websites, and bank accounts. That trail eventually pointed to two long-running pay-per-install networks – InstallBank.com and SpaxMedia, which later rebranded as Installstera.com.

Rising Cybersecurity Threats In India

All this comes as India sees a sharp rise in cyberattacks ahead of Independence Day 2025. Over 4,000 incidents have been flagged, including phishing attempts, fake domains, and large-scale credential thefts. Groups tied to Pakistan (APT36) and China (APT41) are among those believed to be behind these campaigns.

CloudSEK says large-scale operations like this can run in plain sight by using legitimate payment processors, mainstream ad platforms, and public forums. The company recommends aggressive domain seizures, payment disruption, and public awareness drives to limit the damage.