
New malware hides in torrented movies to replace crypto addresses

chepicap.com, 14 January 2019 03:00 UTC

In yet another example of torrents and crypto being leveraged by hackers, the security website Bleeping Computer has revealed malware hidden in movie torrent files designed to steal cryptocurrency from Windows computers.

The malware uses a common .LNK file to launch a PowerShell command that injects malicious code into the Firefox browser, adding links which attempt to phish a victim out of crypto. The virus is designed to search any webpage a user loads for Ethereum and Bitcoin addresses, and replace each one with the address of the hacker’s wallet.

Additionally, the virus injects JavaScript code of its own onto well-known websites to try to get users to fork over their crypto. For example, when a user with the virus loads Wikipedia, their infected Firefox web browser adds a fake donation banner which notes that Wikipedia accepts cryptocurrency. The cryptocurrency address links to a malicious wallet, which is almost certainly not connected to anyone involved in Wikipedia.
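Both behaviours described above (swapped addresses and an injected donation banner) show up as wallet addresses in the rendered page that the site never served. The following check is an added example, not code from the article or from Bleeping Computer; the function names are hypothetical, the sample addresses are constructed, and it assumes a clean copy of the page fetched from an uninfected host is available for comparison.

```javascript
// Added example (not from the article). Format-only patterns; checksums are not verified.
const PATTERNS = {
  btc: /\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b/g,
  eth: /\b0x[a-fA-F0-9]{40}\b/g,
};

// ETH addresses are case-insensitive apart from the optional mixed-case checksum.
const normalize = (kind, addr) => (kind === "eth" ? addr.toLowerCase() : addr);

// Ordered list of addresses of each kind found in a string.
function extractAddresses(text) {
  const out = {};
  for (const [kind, re] of Object.entries(PATTERNS)) {
    out[kind] = [...text.matchAll(re)].map((m) => normalize(kind, m[0]));
  }
  return out;
}

// served: HTML fetched out-of-band from a clean host (assumption).
// rendered: document.documentElement.outerHTML from the browser under test.
function compareAddresses(served, rendered) {
  const a = extractAddresses(served);
  const b = extractAddresses(rendered);
  const report = { replaced: [], injected: [] };
  for (const kind of Object.keys(PATTERNS)) {
    const known = new Set(a[kind]);
    const sameCount = a[kind].length === b[kind].length;
    b[kind].forEach((addr, i) => {
      if (known.has(addr)) return; // address the site really published
      if (sameCount) report.replaced.push({ kind, served: a[kind][i], rendered: addr });
      else report.injected.push({ kind, rendered: addr });
    });
  }
  return report;
}

// Constructed sample values: well-formed but not real wallets.
const BTC_SITE = "1" + "A".repeat(33);
const BTC_OTHER = "1" + "B".repeat(33);
const ETH_OTHER = "0x" + "b".repeat(40);

const swapped = compareAddresses(`<p>Donate: ${BTC_SITE}</p>`, `<p>Donate: ${BTC_OTHER}</p>`);
const banner = compareAddresses(
  "<h1>Article</h1>",
  `<h1>Article</h1><div>We accept crypto: ${ETH_OTHER}</div>`
);
console.log(JSON.stringify({ swapped, banner }, null, 2));
```

A non-empty `replaced` or `injected` list means the browser is showing a wallet address the site did not publish, which is a reason to inspect the browser profile and the host.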

The malware is extensive and features a number of other attack vectors, including adding fake ads to Google results. The original malware is included, appropriately enough, in a torrent file for the hacker movie The Girl in the Spider’s Nest. The crypto wallets have over $600 in ‘donations’ and the torrent file has 2,375 seeders, so this is a good reminder that torrent files frequently contain malicious files. As crypto becomes more popular and extensive, it's likely that it will consistently be used as a way for hackers to monetize their exploits.
