Fake torrent movies infect PCs to hijack browsers and inject fake content

There is almost nothing more relaxing than sitting on a couch with a hot beverage and watching a movie while it is cold and snowy outside. But wait – the movie you want is not on Amazon Prime or Netflix! What to do? Right … just download it from one of the more common torrent sites.

Illegally downloading movies (from big torrent pages like ThePirateBay or YTS) is still quite common. People often forget that not only can you get into trouble for it, but it also carries risks for your computer's security. A simple movie download can lead to a plethora of issues – like an infected PC, ad injections, and more.

Fake search results and donation banners

According to a recent BleepingComputer article, it all starts with a single movie downloaded from a torrent site. Instead of a video file, though, you’ll find a .LNK shortcut that executes a PowerShell command when you click on it. Then all hell breaks loose.

The malware modifies registry keys to disable Windows Defender, installs a Firefox extension called “Firefox Protection” (because why would you ever uninstall anything that has protection in its name, right?), and hijacks a Chrome extension called “Chrome Media Router”.

Once you start up the browser, the malware does its work. It injects search results into your search queries as well as on other pages, and inserts a fake donation banner on Wikipedia (of course, only cryptocurrency is accepted). All in all, this is nothing you want to happen, because how would you normally tell a real search result or donation link from a fake one?

Image: BleepingComputer

What you can do to protect yourself

Now – if you are asking yourself how to stay secure, the answer is pretty easy: Don’t download movies illegally. No matter where you do it, there are always risks involved. Other than that, it’s always handy to have a good Antivirus installed.
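The .LNK shortcut described above can be inspected without clicking on it. The following is an added example, not code from this article or from BleepingComputer: it recognises the Windows Shell Link header and reads out the command-line arguments a shortcut would run. The media extension list, the function names and the sample shortcut are assumptions constructed for illustration.

```python
import struct

# Shell Link header: HeaderSize 0x4C followed by the fixed LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
MEDIA_EXTS = (".mp4", ".mkv", ".avi", ".mov")
STRING_FLAGS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                (0x20, "arguments"), (0x40, "icon")]

def parse_lnk(data):
    """Return the StringData fields of a shortcut, or None if not a .LNK."""
    if len(data) < 76 or data[:20] != LNK_MAGIC:
        return None
    flags = struct.unpack_from("<I", data, 20)[0]
    width, codec = (2, "utf-16-le") if flags & 0x80 else (1, "cp1252")
    fields, pos = {}, 76
    try:
        if flags & 0x01:  # HasLinkTargetIDList: 2-byte size, then the list
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & 0x02:  # HasLinkInfo: 4-byte size that includes itself
            pos += struct.unpack_from("<I", data, pos)[0]
        for bit, key in STRING_FLAGS:
            if flags & bit:  # 2-byte character count, then the string
                count = struct.unpack_from("<H", data, pos)[0]
                raw = data[pos + 2:pos + 2 + count * width]
                fields[key] = raw.decode(codec, "replace")
                pos += 2 + count * width
    except struct.error:  # truncated file: keep what was read so far
        pass
    return fields

def triage(filename, data):
    """Flag a download that is named like a video but is really a shortcut."""
    fields = parse_lnk(data)
    if fields is None:
        return None
    stem = filename.lower()
    stem = stem[:-4] if stem.endswith(".lnk") else stem
    return {"fake_media": stem.endswith(MEDIA_EXTS),
            "runs_powershell": "powershell" in " ".join(fields.values()).lower(),
            "arguments": fields.get("arguments", "")}

def build_sample_lnk(rel_path, args):
    """Constructed test input: minimal Unicode .LNK with path and arguments."""
    header = LNK_MAGIC + struct.pack("<I", 0x08 | 0x20 | 0x80) + bytes(52)
    return header + b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                             for s in (rel_path, args))

SAMPLE = build_sample_lnk(r"..\powershell.exe",  # constructed, harmless
                          "-NoProfile -Command Write-Output constructed-sample")
```

Windows Explorer hides the .lnk extension, so the check relies on the file's content rather than on the name shown on screen; for a real download, pass the file name and its bytes to `triage`.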


PR & Social Media Manager @ Avira |Gamer. Geek. Tech addict.