Microsoft has issued a warning over the dangers of streaming and downloading movies illegally. According to the company, a fresh malware campaign is actively targeting would-be pirates.
Torrenting sites and illegal streaming have seen a spike in traffic since lockdown guidelines were implemented in most parts of the world. With the ongoing health crisis, people are looking for economical ways to entertain themselves.
Torrenting is a type of peer-to-peer file sharing that sees multiple individuals offer up their files to facilitate a download, as opposed to the recipient relying on a single file source. While the practice is technically legitimate, torrents are most famously used to circulate pirated films, series, and music - and sometimes malware.
On Twitter, Microsoft explained that hackers are taking advantage of the COVID-19 social distancing guidelines as most people are ordered to stay in their homes. Piracy has been on the rise since then, with attackers actively distributing malicious cryptocurrency mining malware via fake film torrents.
"We saw an active coin miner campaign that inserts a malicious VBScript into ZIP files posing as movie downloads...We're seeing the campaign affecting a wide range of customers, from home users to enterprises," said the Twitter thread from Microsoft Security Intelligence. "With lockdown still in place in many parts of the world, attackers are paying attention to the increase in use of pirate streaming services and torrent downloads."
The malicious VBScript runs a command line that uses BITSAdmin to download more components - including an AutoIT script, which decodes a second-stage DLL. The in-memory DLL then injects a coin-mining code into notepad.exe through process hollowing. Some claim to offer free Netflix subscriptions but instead harvest the user's credentials, including usernames and passwords.
Hackers are most active in Spain, with popular titles such as "John Wick: Chapter 3 - Parabellum," along with Spanish-language titles including "Punales Por La Espalda," "La Hija de un Ladrón and Lo Dejo Cuando Quiera" - as well as "Contagio," the Spanish-dubbed version of "Contagion."
Once your device gets infected with the crypto-mining malware, it runs indefinitely in the background, eating up internet bandwidth and processing power. One tell-tale sign of an infected device is a sudden slowdown of computer performance.
There appears to be no sign of the malware attacking English-speaking regions, and no trace of it can be found on popular torrenting sites like Pirate Bay. Nonetheless, Microsoft hopes to discourage people from downloading from illegal sources.
