Torrent Malware Goes Down as Pirated Streaming Usage Increases April 1, 2019 https://www.bleepingcomputer.com/ne...es-down-as-pirated-streaming-usage-increases/
Where do you have to download torrents from in order to get a malware infection? I've downloaded from ThePirateBay for years and the only thing I've seen are .zips that try to make you go to a website to answer weird surveys to get the (non-existent) password.
The malware is usually in the popular torrents with lots of seeders, the ones offering trendy content. If you download Yehudi Menuhin playing Bach Sonatas, well, you are not going to find much malware there...
The article in the OP says that the malware fools you into thinking that you are running the playback file, when you are really running the malware. In more detail: "...each malicious file hidden behind the title has reached an average of three users." Trojans (33%), downloaders (21%), and adware (28%) were the two most popular threats embedded in TV shows, which are usually delivered within a hidden folder and get launched by unsuspecting victims via a shortcut that replaces the actual TV episode."
Ahh.. so the victims are clicking on a shortcut that runs an executable. That would do it. It's also the wrong way view a video. You're supposed to drag-n-drop it into your video player, like VLC or WMP. Or make sure it's an actual video you're clicking on.
That should protect you. Here's more details: " The common scenario is this: the user downloads a torrent file or receives an archive with a shortcut by email. At first glance the package contains a copy of the long-awaited episode. Yet, apart from the shortcut, the archive will also contain a hidden folder with the ‘system’ attribute on, making it invisible even if Windows Explorer is configured to display hidden files. By clicking on the shortcut in hope to watch the video, the user will launch the AutoIt script sitting in the hidden folder along with its interpreter and several other .lnk files. AutoIt is a worm that spreads through removable disks and runs a backdoor, which is then added to autorun (writing paths to the .lnk files from the hidden folder) and used to accomplish the following actions: Display a specified message Execute commands in cmd.exe Download and launch to% Temp% files Shutdown/restart computer Go to a specified URL Auto-click various webpage items Terminate, restart, update itself "
I'm using Simple Software Restriction Policies which means I can't run an .exe in my torrent folder even if I tried
Almost got done once with a tv show that was fresh out, with mkv.exe file and blindly clicked on it with the UAC saving me. Timing was perfect as show hadn't even been broadcast yet. Otherwise never had a problem, but wasn't there something here recently about drive by problems from ads at Pirate Bay?
Malicious campaign targets South Korean users with backdoor-laced torrents ESET researchers have discovered a malicious campaign distributing a backdoor via torrents, with Korean TV content used as a lure July 8, 2019 https://www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/
