Malware Masked as a Movie File Could Steal Your Cryptocurrency

The Pirate Bay is the infamous torrent-based file sharing site used all over the world. Malware on a torrent site like The Pirate Bay is nothing new. However, a new kind of malware has infiltrated the site. It poses as a movie file but in reality when downloaded it can perform a lot of malicious activity on your computer. Activities like injecting content from the attacker into websites such as Wikipedia, Google or Yandex Search. Oh, and it can also steal your cryptocurrencies.

The file was initially found by a security researcher 0xffff0800 when he tried downloading the movie The Girl in the Spider’s Web from The Pirate Bay. The movie had 2,375 seeders at the time of the download. ‘Seeders’ means the number of users who are uploading the file for others to download after they’ve successfully downloaded the file themselves. What he ended up downloading was not the actual movie file but rather a suspicious looking .LNK shortcut that executed a PowerShell command. A PowerShell command is used to perform actions on your computer by giving it highly technical commands that normal users are unlikely to comprehend.

When downloaded, if the victim goes to Wikipedia, the malware tries to inject a mechanism to show a fake donation banner that shows users that Wikipedia accepts donations through cryptocurrency. Wallet addresses for Bitcoin and Ethereum are attached to the banner for donations. The Bitcoin wallet had $70 worth of cryptocurrency at one point and the Ethereum wallet had ETH worth of about $600.

Another malicious activity by the malware includes replacing Bitcoin wallet addresses on other sites. Because of the complicated strings of characters that wallet addresses are, it is very hard for users to be able to tell the difference between any two addresses just by looking.

Cryptocurrencies have always been known to attract the wrong kind of attention. The attention of money launderers, drug cartels, criminals and hackers. This is just another story in a long string of such stories where the public’s lack of crypto knowledge is targeted in an attack to rob them of their cryptocurrencies. This practice can only be curbed through continued efforts to raise public awareness regarding cryptocurrencies and how to take the necessary steps to keep them secure.