Nasty Malware that Steals Amazon, Facebook and Google Passwords — Protect Yourself Now

We at Tom's Guide have long stressed that if you want software, buy it. It's a lot cheaper than having your online credentials stolen.

A new piece of malware called CopperStealer is lurking in "cracked" software downloads available on pirated content sites, and it can compromise login information for services such as Amazon, Apple, Facebook, and Google.

This information comes courtesy of Proofpoint, a security firm based in Sunnyvale, Calif. In a blog post yesterday (March 19), a Proofpoint employee detailed the CopperStealer investigation, including how it is distributed and what it does.

Notably, CopperStealer operates on the same basic principles as SilentFade, the malware that trashed Facebook accounts in 2019.

First of all, if you don't want CopperStealer to infect your computer, don't download items from cracked software or keygen sites. That's really all there is to it.

CopperStealer seems to target people only through popular keygen and software crack download sites, so users who purchase software through legitimate (or gray market) means are not at risk.

If you are one of the unfortunate thieves who have fallen for CopperStealer, there is still hope: CopperStealer is not particularly sophisticated malware and can be quickly eliminated by the best anti-virus programs.

However, almost all of your online passwords need to be changed, especially if you tend to reuse passwords for multiple sites.

Tom's Guide also recommends enabling two-factor authentication (2FA) for online accounts that offer it. While it is possible for a very dedicated cybercriminal to circumvent this, 2FA is at least a second line of defense in the event that a password is stolen. This should give you enough time to change your password before things get really bad.

Here's how CopperStealer works. First, users in need of money visit a well-known cracked software or keygen site. Then, they try to download the cracked software or keygen program.

("Keygen" stands for "key generation." Most legitimate paid software requires a product key to run. If you can create a convincing fake key, it can often be used just like the real thing.)

However, instead of (or in addition to) Windows 10 or Photoshop, the user gets CopperStealer.

The program runs in the background and scans web browsers for login information and user access tokens, but Safari does not appear to be a possible target.

Proofpoint has not provided an exhaustive list of login information that CopperStealer can discover. However, Apple, Amazon, Bing, Google, PayPal, Tumblr, and Twitter accounts are all compromised, as is Facebook.

Since most of these services have payment options, it would not take a particularly devious criminal to steal credit card information or make at least some illicit purchases. (There is also a 2FA option that protects your account even if your password is stolen.)

CopperStealer has one more nasty trick: a "downloader" feature that installs additional malware without the user's knowledge. The usual choices include keyloggers, ransomware, viruses, and programs that make the PC part of a botnet for cryptocurrency mining.

The good news is that Proofpoint has worked with Cloudflare, which provides network and security services to hundreds of major websites, to block the flow of CopperStealer malware.

But in the meantime, don't feel too safe with cracked software sites. Security firms and cybercriminals are in a constant arms race, and the next ubiquitous method of malware distribution is probably just around the corner.
