Beware: Those movie downloads could actually just be malicious new Windows malware
Be careful when searching for pirated movies online. Experts warn that there are many files on the market that infect your Windows PCs with dangerous malware and infostealers.
Cybersecurity researchers at Mandiant recently discovered a new malware dropper that infects victims with Lumma Stealer, Hijack Loader, and CryptBot.
For example, Lumma is a well-known piece of malware that has been widely covered in the media. It can capture passwords stored in popular browsers, cookies, credit card information, and data related to cryptocurrency wallets. Lumma is offered as a service, with a subscription price ranging from $250 to $1,000.
Download malware
The dropper is called PEAKLIGHT. It appears to be brand new and works as a memory-only dropper: “This memory-only dropper decodes and executes a PowerShell-based downloader,” Mandiant said in a technical paper.
The researchers spotted the dropper in .ZIP archives on the Internet, which pretended to be pirated movies. These archives contained a Windows shortcut file (.LNK) that, when executed, connected to a content delivery network (CDN) hosting an obfuscated, memory-only JavaScript.
“PEAKLIGHT is an obfuscated PowerShell-based downloader that is part of a multi-stage execution chain that checks for the presence of ZIP archives in hard-coded file paths,” Mandiant added. “If the archives do not exist, the downloader will contact a CDN site and download the externally hosted archive file and save it to disk.”
Pirated content, including movies, music, software and books, has been used to spread malware for years. During the Covid lockdowns, as people hunkered down indoors looking for ways to pass the time, many turned to pirated content – and hackers took advantage of this by spreading malicious cryptocurrency mining malware via fake movie torrents.
The movie John Wick: Chapter 3 – Parabellum was a box office hit at the time and was one of the films used to spread malware.
Via The Hacker News