Malware Posing as Movie File Manipulates Results and Steals Cryptocurrency

A new form of malware posing as a movie file was discovered last year. It was designed to steal cryptocurrency and inject manipulated results into popular sites such as Google, Yandex, and Wikipedia. Surprisingly, even a year after its discovery and several reports of the attack, there’s hardly any confirmed solution to the crypto malware.

Watch me

The malware, while not completely original, has been noted for its creativity and well-crafted obscurity: it lies unseen right under the nose of an eager movie watcher. As is common these days, the malicious file was found among the host of torrented and pirated movies on the notorious website The Pirate Bay.

This is not the first time that malware of any sort has been found on the popular torrent site; as a matter of fact, the Pirate Bay itself was widely accused of secretly mining cryptocurrencies with its users’ computers last year. However, the new method of infiltration—hail the Trojan Horse—employed by this simple malware accompanied by the astonishingly high number of malicious activities associated with it is definitely interesting.

The malware had certainly been lying there for some time before a security researcher dubbed 0xffff0800 discovered it. The expected wonderful movie—not so great if you are not a cypherpunk—is the hacker film The Girl in the Spider’s Web (official trailer). Earlier in the year, the researcher with the hex name reportedly found a .LNK shortcut file nestled within the downloaded files, and its suspicious icon drew his attention. A careful run through the VirusTotal antivirus scanning service revealed some interesting results, some of them intentionally false in a bid to shroud the main effects.

More in-depth research has, however, uncovered some details about the hacker thriller poised to steal your cryptocurrencies.

The Hackers Poison

The .LNK file is said to execute a PowerShell command which surreptitiously extracts a script from the shortcut. According to BleepingComputer, the malware is a lot more sophisticated than earlier believed, and the initial discovery of the malware’s injection of ads into Google and Yandex’s search results is the least of the problem.
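A defender triaging downloads can catch this kind of lure by checking file content rather than file name. The following Python sketch is an added example, not code from the researcher or BleepingComputer: it recognises a Windows shortcut by its Shell Link header and flags references to script interpreters. The interpreter list, the 8 KB size threshold and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Fixed values from the Shell Link (.LNK) binary header.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ARGUMENTS = 0x20  # LinkFlags bit: command-line arguments are stored
# Interpreters worth flagging when a "movie" shortcut references them (assumed list).
INTERPRETERS = ("powershell", "cmd.exe", "mshta", "wscript", "cscript")
# Assumed threshold: ordinary shortcuts are a few KB; an embedded script adds bulk.
SIZE_LIMIT = 8 * 1024


def is_shell_link(data: bytes) -> bool:
    """True if data starts with a valid Shell Link header, whatever the file is named."""
    if len(data) < HEADER_SIZE:
        return False
    (size,) = struct.unpack_from("<I", data, 0)
    return size == HEADER_SIZE and data[4:20] == LINK_CLSID


def triage_lnk(data: bytes) -> dict:
    """Return triage findings for one file's bytes."""
    if not is_shell_link(data):
        return {"shell_link": False, "reasons": []}
    (flags,) = struct.unpack_from("<I", data, 20)
    # Strings may be ANSI or UTF-16LE at any alignment; dropping NUL bytes
    # lets one case-insensitive search cover both encodings.
    text = data.replace(b"\x00", b"").lower()
    hits = [name for name in INTERPRETERS if name.encode() in text]
    reasons = []
    if hits:
        reasons.append("references " + ", ".join(hits))
    if flags & HAS_ARGUMENTS:
        reasons.append("carries command-line arguments")
    if len(data) > SIZE_LIMIT:
        reasons.append("unusually large for a shortcut")
    return {"shell_link": True, "reasons": reasons}


def sample_lnk() -> bytes:
    """Constructed sample: a bare header plus a UTF-16LE interpreter name, no payload."""
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + struct.pack("<I", HAS_ARGUMENTS)
    return header.ljust(HEADER_SIZE, b"\x00") + "powershell.exe".encode("utf-16-le")


if __name__ == "__main__":
    print(triage_lnk(sample_lnk()))
```

Any file in a media download that passes `is_shell_link` deserves a closer look, since a video has no reason to be a shortcut.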

While the malware targets Google’s search results by manipulating which top results are displayed, it also collects fake donations on Wikipedia pages. Once the malware is activated, an ad banner appears on the Wikipedia page announcing Wikipedia’s new policy of accepting digital currencies as donations. The Bitcoin and Ethereum addresses given are also part of a more elaborate plan to replace any wallet addresses found on the web page with the scam ones: a change that is unlikely to be noticed given the length and randomness of a wallet address.

Users have been warned against getting movies from torrent trackers, which in the long run might cost them more than a few hours of entertainment.
