Microsoft catches cybercriminals adding malware to "John Wick 3," "Contagion" torrents

In a Twitter thread, Microsoft warned people in Spain and South America to watch what they torrent.

Mimecast tracks Malware-as-a-Service trend in analysis of 202 billion emails

With everyone spending a lot more time in front of the TV at home these days, thanks to COVID-19, streaming sites and torrents have seen record booms in interest. Countries around the world are seeing huge spikes in torrent downloads of movies, games, and music as people find ways to pass the time inside.
 
Cybercriminals have taken notice as well, increasingly lacing popular movie torrents with dangerous malware that can damage your device.
 
In a recent thread on Twitter, Microsoft Security Intelligence wrote at length that the team saw malware attached to torrents for popular "John Wick 3" and "Contagion" in Spain, Mexico, and a number of South American countries.
 
"With lockdown still in place in many parts of the world, attackers are paying attention to the increase in use of pirate streaming services and torrent downloads. We saw an active coin miner campaign that inserts a malicious VBScript into ZIP files posing as movie downloads," Microsoft Security Intelligence wrote on Twitter.
 
"The campaign, primarily observed in Spain but has also shown up in some South American countries, aims to launch a coin-mining shellcode directly in memory. We're seeing the campaign affecting a wide range of customers, from home users to enterprises. The ZIP files pose as popular Hollywood movies with file names like 'contagio-1080p,' 'John_Wick_3_Parabellum,' 'Punales_por_la_espalda_BluRay_1080p,' as well as Spanish titles like 'La_hija_de_un_ladron' and 'Lo-dejo-cuando-quiera.'"

SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium)

Multiple sites have reported that torrent downloads have nearly doubled since COVID-19 began to spread around the world and government's put in place a number of measures to stop the spread. The BBC quoted piracy-monitoring company Muso in reporting that in Spain, there is a 50% increase in visits to film-piracy sites since before lockdown measures went into effect. The United States has seen a 41% increase, while dozens of other countries also hover around 40%.

Tim Erlin, VP of product management and strategy at Tripwire, said that with the massive increase in people consuming digital content from home, it's no surprise that attackers have taken aim at this target-rich environment. There are nearly infinite ways to get a victim to click on something, and attackers will always evolve to try new, and even return to old, means if they think they might be effective, he said.

"Embedding malware in illegal content, whether movies, music, or apps is a fairly common strategy for attackers. The population that downloads such content is, by definition, more risk-tolerant and less likely to disclose where the malware came from. The specific type of content shifts based on what's most successful for attackers," Erlin said. 

He added that obviously people should avoid illegal content because it is tough to protect yourself, but for those willing to take the leap, keeping your system or device up to date, or even using a completely separate system, would provide some protection. 

SEE: Cybersecurity: Let's get tactical (free PDF) (TechRepublic)

In an email interview, director of security research of Microsoft Threat Protection Tanmay Ganacharya echoes those statements, saying that spreading malware via torrent downloads is a commonly used technique. 

He suggested using modern operating systems and sophisticated security solutions to protect against all attacks using machine-learning algorithms with sensors that collect and process behavioral signals from the operating system.

"We have seen many campaigns leverage this technique over the years. This technique is not new. We have seen other malware families leverage these techniques in the past as well," Ganacharya said.

Also see

Frightened man

Image: photoschmidt, Getty Images/iStockphoto