Unveiling the Mechanism Behind a New Trojan Delivery System
The latest wave of cyber threats has emerged from an unexpected source: torrent downloads. A recent analysis reveals that a seemingly innocuous archive, disguised as an M2TS video file, is being used to deliver a Trojan horse. This archive includes a subtitle file and a shortcut labeled “CD.link,” which, when clicked, activates the malicious software. While seasoned users are likely to click only on the video file, less experienced individuals may inadvertently expose themselves to danger.
Interestingly, the subtitle file contains genuine subtitle text, but harmful code is concealed within some of its lines. This mix of legitimate and malicious content complicates detection, and the malware compounds the problem by employing a Living off the Land (LOTL) strategy: it uses legitimate Windows tools such as CMD, PowerShell, and Task Scheduler to extract encrypted data and ultimately gain control over the targeted device. Once compromised, the device can serve as a launchpad for further attacks.
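As an added defender-side example (not code from the article or from Bitdefender's analysis), the following Python check parses an SRT subtitle file into cues and flags cue text that looks like a Windows command chain or an encoded payload rather than dialogue; the token list, the line-length threshold and the sample subtitle are constructed assumptions, not indicators from the reported campaign.

```python
import re

# Shape of a well-formed SRT cue: index line, timestamp line, one or more text lines.
TIMESTAMP_RE = re.compile(r"^\d{2}:\d{2}:\d{2},\d{3} --> \d{2}:\d{2}:\d{2},\d{3}\s*$")
# Lower-cased tokens that belong to a Windows command chain, not to dialogue (assumed list).
SUSPICIOUS_TOKENS = ("powershell", "cmd.exe", "cmd /c", "schtasks", "-encodedcommand",
                     "-enc ", "frombase64string", "invoke-expression", "iex(")
# A long run of base64 alphabet is a typical carrier for an encoded/encrypted payload.
BASE64_RE = re.compile(r"[A-Za-z0-9+/]{48,}={0,2}")
MAX_CUE_LINE = 120  # dialogue lines are short; hypothetical threshold, tune per corpus


def split_cues(text):
    """Return (index, timestamp, text_lines) per blank-line-separated block; malformed blocks get None."""
    cues = []
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        lines = [ln.rstrip("\r") for ln in block.splitlines()]
        if len(lines) >= 2 and lines[0].strip().isdigit() and TIMESTAMP_RE.match(lines[1]):
            cues.append((int(lines[0]), lines[1].strip(), lines[2:]))
        else:
            cues.append((None, None, lines))  # keep malformed blocks for inspection
    return cues


def scan_subtitle(text):
    """Return (cue_index, reason, line) findings for content that does not look like dialogue."""
    findings = []
    for index, timestamp, lines in split_cues(text):
        if timestamp is None:
            findings.append((index, "malformed cue (no index/timestamp header)", lines[0] if lines else ""))
        for line in lines:
            low = line.lower()
            if any(tok in low for tok in SUSPICIOUS_TOKENS):
                findings.append((index, "command-line token in cue text", line))
            elif BASE64_RE.search(line):
                findings.append((index, "long base64-like run in cue text", line))
            elif len(line) > MAX_CUE_LINE:
                findings.append((index, "overlong cue line", line))
    return findings


# Constructed sample: two genuine cues and a third cue hiding a command line (dummy, not a real payload).
SAMPLE_SRT = """1
00:00:01,000 --> 00:00:03,500
Where were you last night?

2
00:00:04,000 --> 00:00:06,000
Out. Does it matter?

3
00:00:06,500 --> 00:00:09,000
It matters to me.
cmd /c powershell -w hidden -EncodedCommand """ + "A" * 64 + "\n"

if __name__ == "__main__":
    for hit in scan_subtitle(SAMPLE_SRT):
        print(hit)
```

Only cue text is inspected, so a file whose every block has the expected header and short dialogue lines yields no findings; anything else is surfaced with the cue index for a human to review.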
This isn’t the first instance of malware lurking in popular torrent downloads. In May, attackers disseminated the Lumma Stealer information stealer, developed by a Russian programmer, through a torrent of “Mission: Impossible – Fallout.” This malware was designed to capture passwords, cookies, and other sensitive credentials. Regarding the current threat associated with “Battle for Battle,” it has been detected in only a single torrent download thus far, leaving its overall prevalence uncertain. However, according to Bitdefender, the package has already garnered several thousand downloads.
The choice of “Battle for Battle” as a target appears to be a calculated move. Despite not being a box office hit, the film has generated considerable buzz, having received nine Golden Globe nominations and five mentions on the Oscars shortlist. For those interested in viewing the film through legitimate channels, it will be available digitally on HBO Max starting December 19.