Security analysts have discovered new malware that is spreading through The Pirate Bay, one of the most popular torrent download websites. The threat is called PirateMatryoshka, after the famous Russian nesting doll.
The malware aims to “sneak” onto the computer together with adware and tools that install additional malware. Its multilayered structure, with seemingly endless functionality and many kinds of harm, is the inspiration for the name PirateMatryoshka.
Torrent services are mainly used to distribute “pirated” content, which is banned in many countries of the world, but they remain available online. These services are a popular target for cyber criminals, and because they remain legal in our country, be aware that the new threat can seriously harm you, your computer and your data.
The newly discovered PirateMatryoshka malware carries a Trojan-downloader (malware that downloads malicious installers) inside a hacked version of legitimate software that is used for everyday PC activities.
While most malicious code spreads through newly created user accounts (seeders), PirateMatryoshka spreads through existing seeders with no known history of malicious activity. This makes distribution effective: the seeders have a good reputation, so potential victims have no reason to doubt the security of the file.
Photo: Kaspersky Lab
When the user clicks on the installation program, the PirateMatryoshka infection process starts. First, the victim is shown a copy of The Pirate Bay page, which is in fact a phishing page that requires them to enter their credentials to continue the installation. Later, the malware uses these credentials to create new seeders, which will distribute the harmful software even more widely. Studies have shown that up to 10,000 phishing links have been accessed so far.
The infection process continues even if the user does not enter their data, with the malware extracting its malicious modules. It contains a harmful “clicker” which, among other things, can tick the Agree field, which starts the adware installation and floods the victim’s computer with unwanted software.
To protect your computer and your security, use only legitimate software downloaded from official websites. Before installing anything, pay attention to the authenticity of the page and do not accept anything from questionable pages. Be careful, because it is about you and your personal data!