Be careful when downloading files from torrents

Despite its obvious popularity among users and many advantages, torrents can pose a kind of risk and it is worth knowing about it. In addition to frequent doubts as to the copyright of the films or programs made available there, experts point to problems related to the security of the data made available there. It is never known whether the shared file is, according to the name, the latest production, eg about agent 007, or the latest ... ransomware threat.

It may be dangerous to download a torrent client (eg BitTorrent) from a website other than the official one - software necessary for every user who wants to download files from other people using the BitTorrent protocol. A malicious file, masquerading as a real installer, can infect your computer and irreparably damage files on it. This situation already occurred once in 2016. Then cybercriminals attacked computer users with OS X by sharing a modified version of the Transmission application - a legitimate and well-known BitTorrent client. The user then downloaded a KeRanger ransomware to his device, which encrypted the data ( decryption is possible ). Despite the quick response of the Transmission program developers who removed the infected version of the program a few hours after its publication (on the official website of this company), thousands of people infected their devices with KeRanger malware.

This is not an isolated case. A few months later, malicious software called OSX / Keydnap, again attacking devices running OS X, was spreading through a different version of Transmission. The threat was able to steal logins and passwords stored in the Keychain application (password manager also known as the Keychain). After the incident was detected and reported to the developers of the program by specialists from ESET, the modified application was removed from the network.

In the case of BitTorrent networks, it may also be risky to share files. Their name may suggest content that actually turns out to be something else. This was the case with the Sathurbot backdoor, a threat discovered by ESET's experts in April 2017. Sathurbot was hiding as a popular movie or software to finally gain access to WordPress accounts and infect subsequent users. The infected torrent package contained a file with a video extension and a codec installer. The purpose of both was to get the user to run the executable file that loaded the Sathurbot DLL.

In February 2017, cybercriminals once again used BitTorrent sites. This time to spread the cryptic threat called "Patcher" hiding as an application for pirating the popular software Torrent contained a single ZIP file ESET identified two versions of this malicious software - each of them was a patcher, a program that modifies another program In the first case, patcher was intended for Adobe Premiere Pro and the other for Microsoft Office for Mac. Although the malware contained errors, its encryption procedure was effective and prevented victims from accessing files that were In addition, the ransomware did not have a code allowing communication with the C & C management server, which meant that it was impossible to send the decryption key.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.