According to a recent BleepingComputer article, it all starts with a single movie downloaded from a torrent site. Instead of a video file, though, you’ll find a .LNK shortcut that executes a PowerShell command when you click on it. Then all hell breaks loose.
The malware modifies registry keys to disable Windows Defender, installs a Firefox extension called “Firefox Protection” (because why would you ever uninstall anything that has protection in its name, right?), and hijacks a Chrome extension called “Chrome Media Router”.
Once you start the browser, the malware does its work. It injects search results into your searches as well as into other pages and inserts a fake donation banner on Wikipedia (of course only cryptocurrency is accepted). All in all, this is nothing you want to happen, because how would you normally differentiate between a real search result or donation link and a fake one?
Now, if you are asking yourself how to stay secure, the answer is pretty easy: don’t download movies illegally. No matter where you do it, there are always risks involved. Other than that, it’s always handy to have a good antivirus installed.
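For the shortcut-instead-of-video trick described above, here is an added example (not from the BleepingComputer article) that identifies a Shell Link file by its header bytes rather than by its name. The function name, the list of video extensions and the sample inputs are assumptions made for illustration.

```python
import struct

# Fixed values from the Shell Link (.LNK) binary format header ([MS-SHLLINK]).
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ARGUMENTS = 0x20  # LinkFlags bit: the shortcut passes command-line arguments

VIDEO_EXTS = {".mkv", ".mp4", ".avi", ".mov", ".wmv"}  # assumed list, extend as needed


def inspect_download(name: str, head: bytes) -> dict:
    """Classify a downloaded file from its name and its first 76 bytes."""
    is_lnk = (
        len(head) >= LNK_HEADER_SIZE
        and struct.unpack_from("<I", head, 0)[0] == LNK_HEADER_SIZE
        and head[4:20] == LNK_CLSID
    )
    flags = struct.unpack_from("<I", head, 20)[0] if is_lnk else 0
    lowered = name.lower()
    # Explorer hides the .lnk extension, so "Movie.mkv.lnk" is shown as "Movie.mkv".
    stem = lowered[:-4] if lowered.endswith(".lnk") else lowered
    looks_like_video = any(stem.endswith(ext) for ext in VIDEO_EXTS)
    return {
        "is_shortcut": is_lnk,
        "has_arguments": bool(flags & HAS_ARGUMENTS),
        "masquerades_as_video": is_lnk and looks_like_video,
    }


def constructed_lnk_header(flags: int) -> bytes:
    """Build a minimal 76-byte header (constructed sample, not a real shortcut)."""
    return struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags) + bytes(52)


if __name__ == "__main__":
    samples = {  # constructed inputs
        "Some.Movie.2019.mkv.lnk": constructed_lnk_header(0x01 | HAS_ARGUMENTS),
        "Some.Movie.2019.mkv": b"\x1a\x45\xdf\xa3" + bytes(72),  # Matroska magic
    }
    for name, head in samples.items():
        print(name, inspect_download(name, head))
```

A shortcut that carries arguments and sits where a video should be is worth quarantining before anyone double-clicks it.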