You discover a new torrent for a movie and think to yourself, “Awesome, I can watch a movie for free tonight.” I totally get that excited feeling! However, in this case, downloading this torrent may create serious problems for you. A torrent titled "One Battle After Another" is designed to look legit but is actually loaded with malware embedded in its subtitle files. Unfortunately, many users may not realize this until they have already downloaded the malware.
What Makes This Torrent Appear Safe?
For the most part, everything appears to be fine at first glance. The folder contains a movie file, several subtitle files, and a shortcut which appears to work for playing the movie back. There are countless torrents that have been created this way, so most people will likely trust this one as well.
The following describes how one type of fake torrent is set up:
- A folder containing an apparently normal movie file
- Subtitle files with generic titles (e.g., "subtitles" or "English" subtitles)
- A fake shortcut that appears to open the movie file but is actually a shortcut to a subtitle file
How Subtitle Files Are Used To Spread Malware
The subtitle file becomes the method for spreading the malicious code. Most people view subtitle files as safe because they do not suspect that a subtitle file could contain a virus. When you click the shortcut instead of opening the actual video file, your computer executes the hidden code in the subtitle file.
The hidden code installs an Agent Tesla malware program, which allows the hacker to do the following:
- Obtain all your saved passwords
- Monitor everything you type
- Capture screenshots
- Gain remote access to your computer
Why This Trick Is A Risky Option
While not technically a scam like the ones of years past, this trick appears smarter because it disguises itself very well as a legitimate download and does not look like an obviously harmful virus. It uses normal Windows files to complete its infection, making it difficult for antivirus programs to immediately identify it as malicious.
Follow My Recommendations To Keep Your Computer Protected
I follow three simple guidelines to help keep my computer systems protected:
- Do not download any pirated content (e.g., pirated torrents).
- Do not open shortcuts from unknown sources.
- Keep your virus protection and Windows Security enabled at all times.
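As an added example (not part of the original article), this Python sketch triages a downloaded folder for the layout described above: it flags any Windows shortcut, recognized by its `.lnk` extension or its Shell Link header, and any `.srt` file that has no SubRip timing lines or carries overlong lines. The function names, the 300-character threshold, the UTF-8 assumption and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
TIMING = re.compile(r"\d{2}:\d{2}:\d{2},\d{3} --> \d{2}:\d{2}:\d{2},\d{3}")
MAX_LINE = 300  # assumed threshold: real subtitle text lines are short

def is_shortcut(path):
    """True if the file is a Windows shortcut by extension or by header."""
    with open(path, "rb") as fh:
        return path.suffix.lower() == ".lnk" or fh.read(20) == LNK_MAGIC

def subtitle_findings(path):
    """Reasons an .srt file (assumed UTF-8) does not look like SubRip text."""
    lines = path.read_text("utf-8", errors="replace").splitlines()
    reasons = []
    if not any(TIMING.match(line.strip()) for line in lines):
        reasons.append("no SubRip timing lines")
    long_lines = [n for n, line in enumerate(lines, 1) if len(line) > MAX_LINE]
    if long_lines:
        reasons.append(f"overlong line(s) at {long_lines[:3]}")
    return reasons

def triage(folder):
    """Map each suspicious file name under folder to a list of reasons."""
    report = {}
    for path in sorted(p for p in Path(folder).rglob("*") if p.is_file()):
        if is_shortcut(path):
            report[path.name] = ["Windows shortcut in a media download"]
        elif path.suffix.lower() == ".srt" and (reasons := subtitle_findings(path)):
            report[path.name] = reasons
    return report

def build_sample(folder):
    """Constructed, inert sample files that mimic the layout described above."""
    good = "1\n00:00:01,000 --> 00:00:03,000\nHello.\n\n"
    root = Path(folder)
    (root / "movie.mkv").write_bytes(b"\x1a\x45\xdf\xa3")
    (root / "English.srt").write_text(good, "utf-8")
    (root / "subtitles.srt").write_text(good + "2\n" + "A" * 400 + "\n", "utf-8")
    (root / "Movie.mp4.lnk").write_bytes(LNK_MAGIC + b"\x00" * 56)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, reasons in triage(build_sample(tmp)).items():
            print(f"{name}: {'; '.join(reasons)}")
```

Windows Explorer hides the `.lnk` extension even when file extensions are shown, so a file listed as `Movie.mp4` may in fact be `Movie.mp4.lnk`; a clean result from these heuristics does not prove a download is safe.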