While the payload included the promised functionality, which itself accounts for piracy, it also delivered “sophisticated” malware directly onto users’ computers.
Because Foxit’s installation directory resides in the “Program Files” folder, Kaspersky noted that FoxitCrack asks for administrator access, which is later used for malicious purposes.
Privilege escalation through vulnerable driver
Somewhere during the legitimate-looking execution chain, malicious files are unpacked, dropping the SteelFox malware onto the victim machine to collect browser details, including cookies, credit card data, browsing history, and software details, including installed software, antivirus solutions, running services, and installed add-ons.