A movie virus is on the loose, and it seems to affect only computers running the Windows operating system. The malware, which has reportedly been downloaded over 2,000 times, pretends to be a torrent of the movie The Girl in the Spider’s Web. Once downloaded, however, it launches ads in web browsers and falsifies the payment addresses shown on websites, a media outlet reports.
Malicious File Gets Downloaded From Torrent Website
According to the findings, the malware came from the torrent site The Pirate Bay (TPB), which is said to be a popular ground for malicious files of this nature. A security researcher detected the malicious file after he downloaded the movie to his computer.
A scan of the file with antivirus software reported only a low-level threat, even though the computer had been hijacked. As a result of the hijack, search engines like Google, Bing, and Yandex automatically display advertisements when accessed, which the attacker uses to monetize the infection.
Virus Attack on Web Addresses
The virus also makes Wikipedia appear to have a cryptocurrency donation button. A user visiting any of the site’s pages is shown a message that the platform now accepts virtual currencies, and is encouraged to donate using any of the three displayed payment addresses, in Bitcoin and Ethereum.
Aside from being an ad injector, the virus also replaces any Bitcoin and Ethereum address it finds on websites with the attacker's own payment addresses. As a result, a user making a payment will send it to the wrong address.
Malware is a .LNK File Which Executes a PowerShell Command
The video file in question is reportedly a .LNK file, a file type that has been used since 2013 in pirated videos. The file executes a PowerShell command that extracts a script from the file itself and begins to carry out its instructions. Accordingly, operators of torrent sites have been admonished to be careful while on the lookout for free versions of videos.
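A defensive triage check for the disguise described above, as an added example that is not from the original report: it identifies a Windows shortcut by its header bytes rather than its name and flags the traits the article mentions. The file names, the size threshold, the marker strings and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Shell Link header: HeaderSize 0x4C, then LinkCLSID
# 00021401-0000-0000-C000-000000000046 in on-disk byte order.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")
VIDEO_EXTS = (".mp4", ".mkv", ".avi")
MARKERS = ("powershell", "cmd.exe")      # heuristic strings, not exhaustive
BIG_LNK = 64 * 1024                      # assumed threshold; real shortcuts are a few KB


def sniff(data: bytes) -> str:
    """Classify content by leading bytes, ignoring the file name."""
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data[4:8] == b"ftyp" or data.startswith(b"\x1a\x45\xdf\xa3"):
        return "video"                   # MP4/MOV or Matroska
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        return "video"
    return "unknown"


def triage(name: str, data: bytes) -> list:
    """Return findings for a download that is presented as a movie."""
    findings, kind, low = [], sniff(data), data.lower()
    claims_video = any(ext in name.lower() for ext in VIDEO_EXTS)
    if claims_video and kind != "video":
        findings.append("name-says-video-content-does-not")
    if kind == "lnk":
        findings.append("windows-shortcut")
        if len(data) > BIG_LNK:
            findings.append("oversized-shortcut-may-carry-embedded-script")
        # Shortcut strings may be stored as ASCII or UTF-16LE.
        if any(m.encode() in low or m.encode("utf-16-le") in low for m in MARKERS):
            findings.append("references-script-host")
    return findings


# Constructed samples (not taken from the real file): a padded shortcut header
# followed by a harmless placeholder string and filler, and a minimal MP4 prefix.
FAKE_MOVIE = (LNK_MAGIC.ljust(0x4C, b"\x00")
              + "PowerShell.exe <arguments elided>".encode("utf-16-le")
              + b"A" * (100 * 1024))
REAL_MOVIE = b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 64

if __name__ == "__main__":
    print(triage("Constructed.Movie.2018.mkv.lnk", FAKE_MOVIE))
    print(triage("Constructed.Movie.2018.mp4", REAL_MOVIE))
```

Windows Explorer hides the .lnk extension by default, so the name check matches a video extension anywhere in the file name, not only at the end.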
Crypto-related crimes have been on the increase recently, given that these digital assets have been massively adopted over the past year. It is therefore not uncommon to see attacks of this nature. A recent BTCNN report described SIM swapping, a method used to hijack a person’s phone number in order to steal their digital assets from exchanges.