Crooks spread malware via pirated movies during COVID-19 outbreak

Pierluigi Paganini April 30, 2020

Microsoft warns of a spike in malware spreading via pirate streaming services and movie piracy sites during the COVID-19 pandemic.

With most people forced to stay at home due to the ongoing COVID-19 pandemic, the popularity of pirate streaming services and movie piracy sites is rocketed.

Crooks are attempting to take advantage of COVID-19 pandemic spreading malware via pirate streaming services and movie piracy sites during the COVID-19 outbreak, Microsoft warns.

Experts observed an ongoing coin miner campaign that injects a malicious VBScript into ZIP files posing as movie downloads.

“The ZIP files pose as popular Hollywood movies with file names like “contagio-1080p”, “John_Wick_3_Parabellum”, “Punales_por_la_espalda_BluRay_1080p”, as well as Spanish titles like “La_hija_de_un_ladron” and “Lo-dejo-cuando-quiera”.” reads the Tweet published by the Microsoft Security Intelligence team.

The campaign primarily targets users in Spain and South American countries, aims to launch a coin-mining shellcode directly in memory. We’re seeing the campaign affecting a wide range of customers, from home users to enterprises.

The attackers behind this campaign are primarily targeting home users to enterprises from Spain and some South America, operators attempt to launch the coinminer directly into the compromised devices’ memory.

Upon executing the VBScript on computers of home users, it will also download additional payloads in the background by abusing living-off-the-land binaries (LOLbins) such as the legitimate command-line BITSAdmin tool.

One of these additional payloads is an AutoIT script that decodes a second-stage DLL into the infected computer’s memory, which loads a third DLL that injects coin-mining code into a notepad.exe process through process hollowing.

“The use of torrent downloads is consistent with our observation that attackers are repurposing old techniques to take advantage of the current crisis,” continues Microsoft.

The abuse of nothing new, however, as high-profile movies and TV shows are frequently used as social engineering baits promising early previews either in the form of malicious files disguised as early released copies or fake streaming sites.

In March 2019, Cybaze-Yoroi Z-Lab researchers conducted a study on the risks related to the use of the BitTorrent protocol to download movies, games or pirated software. The analysis shed light on the risk faced by users while searching for movies, games, and software on popular BitTorrent trackers. The experts analyzed dozens of torrents and discovered that most of them were delivered in bundle with malware or Adware, exposing at risk of infection the average user with a few interactions.

In this analysis, researcher downloaded torrents belonging to 3 different categories of interest: Movies, Games and Software

To avoid being infected with malware, home users are recommended to access only legal streaming platforms.

Please give me your vote for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS
https://docs.google.com/forms/d/e/1FAIpQLSe8AkYMfAAwJ4JZzYRm8GfsJCDON8q83C9_wu5u10sNAt_CcA/viewform

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – pirate streaming services, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment