Cryptojacking Threat: Malware Movie Torrents Steals Crypto And Inserts Fake Wikipedia Donation Banners

Breaking: Torrent Malware That Phishes Crypto Currently Doing The Rounds Online

It has recently come to light that a new strain of malware that is currently circulating across a host of different Torrent websites is infecting the machines of crypto owners that make use of the Windows OS. To be even more specific, the malware comes encapsulated within various popular illegal movie files which once downloaded compromise the integrity of our computer’s security protocols.

A Detailed Look At The Issue

As mentioned earlier, the malware’s native script is embedded within various movie files that can presently be found online and shared via torrent. The code is designed to execute a complex chain of commands so as to infect one’s internet browser — which ultimately results in the malware switching “BTC/ ETH addresses displayed in web pages for new addresses controlled by the malware creator”.

The code was recently unearthed by an independent researcher called ’@0xffff0800’. Upon presenting his findings online, security website ‘Bleeping Computer’ delved even deeper into the matter so as to dissect the malicious software completely.

Technical Outlook

As per a recent tweet released by 0xffff0800, the harmful script has been posing as a .avi file while actually being a .LNK data container — an extension that is commonly used by Windows to point to an executable file.

As soon as a user clicks on the .LNK file, the malware launches Windows PowerShell— a command line interface normally used to run system administration tasks. By gaining this level of access to one’s PC, the malicious code is then able to systematically disable our device’s security protocols (such as the native Windows Defender virus protection system along with any other antivirus programs). Not only that but it also forcibly installs certain extensions on both Firefox and Chrome browsers so as to make its task easier in the future.

When either of the aforementioned browsers are opened, the malicious extensions are automatically able to “change the text of a webpage without the users' knowledge”. In addition to all this, the malware also injects specific code into one’s everyday web pages which then force the appearance of unwanted adverts on our screens.

More On The Matter

One of the first attacks that the malware deploys is that of introducing a malicious donation link to any Wikipedia page that a person might visit. Similarly, the other attack is carried out via a function named ‘findAndReplaceWalletAddresses’ which uses one’s regular expression searches to “detect when a bitcoin or Ethereum address has been copied to the native Windows clipboard, following which it substitutes a new address for the pasted result”.

Final Take

At the time of writing this article, the aforementioned scammy bitcoin wallet listed on the fake Wikipedia page has received a total of $70.92 while the other fraudulent wallet has been able to amass $13.10.

With that being said, it is worth noting that both of the aforementioned wallets have made one outgoing transaction— wherein they sent $5,400 and $3,134 respectively to two other addresses.

Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter

Add comment

E-mail is already registered on the site. Please use the Login form or enter another.

You entered an incorrect username or password

Sorry, you must be logged in to post a comment.
Bitcoin Exchange Guide