Watch out: Movie Downloads Could Be Windows Malware!
Cybersecurity experts have uncovered hackers embedding malware within pirated movie files. When seeking pirated films online, users should be cautious, as many of these files contain malicious software designed to compromise Windows PCs.
Researchers at Mandiant recently identified a new malware dropper that delivers threats such as Lumma Stealer, Hijack Loader, and CryptBot. Lumma Stealer, for instance, is a well-documented malware that can harvest passwords from web browsers, cookies, credit card details, and cryptocurrency information. It is sold as a subscription service, costing between $250 and $1,000 per month.
Known as PEAKLIGHT, this new malware acts as a memory-only dropper. According to Mandiant's report, "This memory-only dropper decrypts and executes a PowerShell-based downloader." The dropper was found within .ZIP archives online that mimicked pirated movies. These archives contained a Windows shortcut file (.LNK) that, when executed, connects to a CDN hosting encrypted, memory-only JavaScript.
Mandiant further explained, "PEAKLIGHT is an encrypted PowerShell downloader that checks for ZIP archives in predetermined file paths. If no archives are found, it reaches out to a CDN to download and save the archive."
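Because the lure described above is a ZIP archive whose payload is a Windows shortcut, a downloaded archive can be checked before anything in it is opened. The following Python sketch is an added example, not code from Mandiant's report: it flags archive members that are shortcuts by name or by the Shell Link header defined in Microsoft's MS-SHLLINK specification. The function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Shell Link header per MS-SHLLINK: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def find_shortcuts(zip_bytes):
    """Return (member_name, reason) for each archive member that looks like a shortcut."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Read only the header; the member is never extracted to disk.
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            by_name = info.filename.lower().endswith(".lnk")
            by_magic = head == LNK_MAGIC
            if by_magic and not by_name:
                findings.append((info.filename, "LNK header under another extension"))
            elif by_magic:
                findings.append((info.filename, "LNK file"))
            elif by_name:
                findings.append((info.filename, ".lnk name without LNK header"))
    return findings


def build_sample():
    """Constructed sample: two fake shortcuts (header bytes plus padding) and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Movie.2024.1080p.mp4.lnk", LNK_MAGIC + b"\x00" * 60)
        zf.writestr("readme.txt", b"constructed sample text")
        zf.writestr("subs/video.mkv", LNK_MAGIC + b"\x00" * 60)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in find_shortcuts(build_sample()):
        print(f"{name}: {reason}")
```

A genuine video release has no reason to ship a shortcut, so any finding in a "movie" archive is grounds to discard it unopened.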
Using pirated content like movies, music, software, and books to distribute malware is a long-standing tactic. For instance, during the COVID-19 lockdowns, as many users turned to pirated materials for entertainment, hackers exploited this by spreading cryptocurrency-mining malware through fake movie torrents.
One notable example of this practice was with the blockbuster movie John Wick: Chapter 3 - Parabellum, which hackers used to distribute malware.