Thursday, February 20, 2020

Malware Posing as Movie File Manipulates Results and Steals Cryptocurrency

Adedamola Bada
I'm Damola, a computer engineer from Obafemi Awolowo University. A crypto enthusiast, marketer, and writer who is seeking to achieve career excellence through hard work and positive contribution to the organization that aspires for excellence. Contact me on

A new form of malware posing as movie file was discovered last year and was designed to steal cryptocurrency and inject manipulated results into popular sites such as Google, Yandex, and Wikipedia. The surprising thing is that, even after a year of its discovery and several reports of the attack, there’s hardly any confirmed solution to the crypto malware.

Watch me

The malware, while not completely original, has been noticed for its creativity and perfected obscurity: lying right under the nose of an eager movie watcher unseen. As common these days, the malicious file was found waiting in the host of torrented and pirated movies on notorious website, The Pirate Bay.

the pirate bay

This is not the first time that malware of any sort has been found on the popular torrent site; as a matter of fact, the Pirate Bay itself was widely accused of secretly mining cryptocurrencies with its users’ computers last year. However, the new method of infiltration—hail the Trojan Horse—employed by this simple malware accompanied by the astonishingly high number of malicious activities associated with it is definitely interesting.

The malware has sure been lying there for some time, until a security researcher dubbed 0xffff0800 discovered it. The expected wonderful movie—not so great if you are a not a cypherphunk—is the hacker film, The Girl in the Spider’s Web (official trailer). Earlier in the year, a researcher with the hex name reportedly found a .LNK file as a shortcut nestled within the download files and the suspicious icon drew his attention to it. A careful run through the VirusTotal antivirus scanning service revealed some interesting results with some intentionally false in a bid to shroud the main effects.

More in-depth research has however uncovered some details about the thriller hacker movie poised to steal your cryptocurrencies.

The Hackers Poison

The .LNK file is said to execute a PowerShell command which surreptitiously extracts a script from the shortcut. According to BleepingComputer, the malware is a lot more sophisticated than earlier believed, and the initial discovery of the malware’s injection of ads into Google and Yandex’s search results is the least of the problem.

While the malware targets Google’s Search Results by manipulating the top results displayed to a required taste, it also collects fake donations on Wikipedia pages. Once the malware is activated, an ad-banner would appear on the Wikipedia page announcing Wikipedia’s new policy in receiving digital currencies as donations. The Bitcoin and Ethereum addresses given are also part of a more elaborate plan to replace any wallet addresses found on the web page with the scam one: a development that is less likely to be noticed given the length and randomness of a wallet address.

Users have been warned of getting movies from torrent trackers, which in the long run might cost them more than a few hours of entertainment.

Latest News

CVB Financial Corp. Announces Appointment of David A. Brager as new CEO Effective March 16, 2020

David A. Brager, Executive Vice President & Sales Division Manager, will succeed Christopher D. Myers, who is scheduled to...

Nigeria Leads Other African Countries in Regards to Crypto Adoption

Several countries around the world have embraced Bitcoin with open arms, likewise, the "Giant of Africa", Nigeria. Recent data shows that the West African...

How Bank of America’s Partnership with RippleNet could Optimize Cross-Border Payments

Key Points Bank of America to speed up its cross-border payments using RippleNet. The maiden stage of the service will apply only to America...

Europeans Launch First POS Terminal with Bitcoin Payment Option

Ingenico, a French-based payment services company and Salamantex, an Austrian Fintech company have collaborated to launch a point-of-sale (POS) terminal. This POS terminal is...

Bitcoin Thriving In Coronavirus Crisis, Is It All Related?

On the 31st of December 2019, the day the deadly Coronavirus disease (COVD-19) was first identified in China, Bitcoin price value stood at $7251.95. Today, Thursday 19th of February, 2020, Bitcoin price value currently rests above $10,100.
- Advertisement -