A fake copy of the movie One Battle After Another starring Leonardo DiCaprio, distributed via torrent networks, hides dangerous malware in the subtitles. It will get worse, the firm warns.
Cybersecurity firm BitDefender discovered the threat and is highlighting the new method used to spread dangerous malware to Windows computers.
Once the malware is installed on the user's Windows PC, the attackers gain unrestricted access to the computer.
- "This type of malware is designed with a single purpose: to provide attackers with unfettered access to the victim's Windows computer. Once they have a foothold, criminals can access the computer remotely and steal financial and personal information or use the device to launch additional attacks," BitDefender warns.
Malware hidden in subtitles
The malware (Agent Tesla) is well known, but the method used to spread it is new, according to BitDefender. It is distributed via torrents as a fake version of the movie One Battle After Another, and possibly under other movie titles, too.
Many users apparently do not realize that the movie is missing until the malware has already been installed. BitDefender claims that several thousand users have fallen for the trick.
Inside the torrent is a shortcut file called CD.lnk, which purports to launch One Battle After Another. Opening CD.lnk triggers a chain of scripts that abuse legitimate Windows processes to install the malware; the first stage is a PowerShell command hidden on line 5005 of the subtitle file. The rest of the subtitle file is normal.
BitDefender describes the entire process in a blog post. See the source link.
Raising the alarm: It will get worse
There have previously been examples of torrent files posing as new movies spreading malware.
- "For example, Mission: Impossible – The Final Reckoning was used to spread the Lumma Stealer, which targets passwords, cookies, crypto wallets, credentials from remote desktop tools, and more," BitDefender writes.
The security firm expects the situation to get worse in the future.
- "Over the past couple of years, the number of infected torrent files promising the latest TV shows and movies has skyrocketed. It's becoming abundantly clear that attackers have discovered a viable attack vector. And it seems that Agent Tesla is slowly becoming one of the attacker's favorite tools."
- Source: BitDefender