Tuesday, November 12, 2019

Malware Posing as Movie File Manipulates Results and Steals Cryptocurrency

Adedamola Bada

A new form of malware posing as a movie file was discovered last year. It was designed to steal cryptocurrency and inject manipulated results into popular sites such as Google, Yandex, and Wikipedia. Surprisingly, even a year after its discovery and several reports of the attack, there is hardly any confirmed solution to the crypto malware.

Watch me

The malware, while not completely original, has been noticed for its creativity and perfected obscurity: it lies unseen right under the nose of an eager movie watcher. As is common these days, the malicious file was found waiting among the host of torrented and pirated movies on the notorious website The Pirate Bay.


This is not the first time that malware of some sort has been found on the popular torrent site; as a matter of fact, The Pirate Bay itself was widely accused of secretly mining cryptocurrencies with its users’ computers last year. However, the new method of infiltration—hail the Trojan Horse—employed by this simple malware, together with the astonishingly high number of malicious activities associated with it, is definitely interesting.

The malware had surely been lying there for some time before a security researcher known as 0xffff0800 discovered it. The expected wonderful movie—not so great if you are not a cypherpunk—is the hacker film The Girl in the Spider’s Web (official trailer). Earlier in the year, the researcher with the hex name reportedly found a .LNK shortcut file nestled within the downloaded files, and its suspicious icon drew his attention. A careful run through the VirusTotal antivirus scanning service revealed some interesting results, some of them intentionally false in a bid to shroud the main effects.

More in-depth research has, however, uncovered some details about the hacker thriller poised to steal your cryptocurrencies.

The Hackers Poison

The .LNK file is said to execute a PowerShell command which surreptitiously extracts a script from the shortcut. According to BleepingComputer, the malware is a lot more sophisticated than earlier believed, and the initially discovered injection of ads into Google and Yandex search results is the least of the problems.

While the malware targets Google’s search results by manipulating the top results displayed as its operators require, it also collects fake donations on Wikipedia pages. Once the malware is activated, an ad banner appears on the Wikipedia page announcing Wikipedia’s new policy of receiving digital currencies as donations. The Bitcoin and Ethereum addresses given are also part of a more elaborate plan to replace any wallet addresses found on a web page with the scam ones, a change that is unlikely to be noticed given the length and randomness of a wallet address.

Users have been warned against getting movies from torrent trackers, which in the long run might cost them more than a few hours of entertainment.
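For anyone triaging a download folder, the Python below is an added example (not code from this article or from the researchers it cites). It parses a shortcut's Shell Link structures and flags two traits that fit the description above: arguments that invoke PowerShell, and data stored after the link structures where a script could sit. The sample bytes, both heuristics and all function names are assumptions constructed for illustration.

```python
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, HAS_ARGS, IS_UNICODE = 0x01, 0x02, 0x20, 0x80
# StringData fields, in file order; each is present only if its flag bit is set.
STRING_FLAGS = [("name", 0x04), ("relative_path", 0x08), ("working_dir", 0x10),
                ("arguments", HAS_ARGS), ("icon_location", 0x40)]
SAMPLE_ARGS = "/c powershell.exe -NoProfile -Command Write-Output constructed-sample"
SAMPLE_TAIL = b"# constructed trailing data\n"

def parse_lnk(data):
    """Parse a shell link far enough to read its strings and measure trailing data."""
    if len(data) < 76 or data[:4] != b"\x4c\0\0\0" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Windows shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                    # fixed-size ShellLinkHeader
    if flags & HAS_IDLIST:                      # 2-byte size, then the ID list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:                    # 4-byte size that includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    fields = {}
    for name, bit in STRING_FLAGS:
        if flags & bit:                         # 2-byte character count, then text
            end = pos + 2 + struct.unpack_from("<H", data, pos)[0] * width
            fields[name] = data[pos + 2:end].decode(codec, "replace")
            pos = end
    while pos + 4 <= len(data):                 # ExtraData blocks, size-prefixed
        size = struct.unpack_from("<I", data, pos)[0]
        pos += max(size, 4)
        if size < 4:                            # terminal block ends the link
            break
    fields["trailing_bytes"] = max(0, len(data) - pos)
    return fields

def triage(data):
    """Return reasons (possibly none) why this shortcut needs a closer look."""
    info = parse_lnk(data)
    reasons = []
    if "powershell" in info.get("arguments", "").lower():
        reasons.append("arguments invoke PowerShell")
    if info["trailing_bytes"]:
        reasons.append(f"{info['trailing_bytes']} bytes follow the link structures")
    return reasons

def build_sample(args=SAMPLE_ARGS, tail=SAMPLE_TAIL):
    """Constructed, benign shortcut: header, arguments, terminal block, tail."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, HAS_ARGS | IS_UNICODE).ljust(76, b"\0")
    strings = struct.pack("<H", len(args)) + args.encode("utf-16-le")
    return header + strings + b"\0\0\0\0" + tail
```

The check reads only the arguments string, so a shortcut whose target is the PowerShell binary itself, with no telltale arguments, would need the target ID list inspected as well.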
