Watch out — those movie downloads could actually just be vicious new Windows malware

News
By
published

Hackers are once again hiding malware in pirated movie files

pixabay
(Image credit: Pixabay)
Jump to:

Be careful when looking for pirated movies online - experts have warners many files are out there just to infect your Windows PCs with dangerous malware and infostealers.

Cybersecurity researchers from Mandiant have recently discovered a new malware dropper, infecting victims with Lumma Stealer, Hijack Loader, and CryptBot.

Lumma, for example, is a known piece of malware that’s been extensively covered by the media. It is capable of grabbing passwords stored in popular browsers, cookies, credit card information, and data related to cryptocurrency wallets. Lumma is offered as a service, for a subscription fee ranging between $250 and $1,000.

Downloading malware

The dropper is dubbed PEAKLIGHT. It appears to be brand new, and works as a memory-only dropper: "This memory-only dropper decrypts and executes a PowerShell-based downloader," Mandiant said in a technical write-up.

The researchers saw the dropper in .ZIP archives on the internet, pretending to be pirated movies. These archives contained a Windows shortcut file (.LNK) which, when ran, connects to a content delivery network (CDN) hosting an obfuscated, memory-only, JavaScript.

"PEAKLIGHT is an obfuscated PowerShell-based downloader that is part of a multi-stage execution chain that checks for the presence of ZIP archives in hard-coded file paths," Mandiant added. "If the archives do not exist, the downloader will reach out to a CDN site and download the remotely hosted archive file and save it to disk."

Pirated content, including movies, music, software, and books, have been used to distribute malware for years. During the Covid lockdowns, as people were stuck inside and looking for ways to kill the time, many turned to pirated content - and hackers took advantage, distributing malicious cryptocurrency-mining malware via fake film torrents.

The movie John Wick: Chapter 3 - Parabellum - which was a blockbuster hit at the time, was one of the movies used to distribute malware.

Via The Hacker News

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.