TechRadar
Sead Fadilpašić

Watch out — those movie downloads could actually just be vicious new Windows malware


Be careful when looking for pirated movies online - experts have warned that many files are out there just to infect your Windows PC with dangerous malware and infostealers.

Cybersecurity researchers from Mandiant have recently discovered a new malware dropper, infecting victims with Lumma Stealer, Hijack Loader, and CryptBot.

Lumma, for example, is a known piece of malware that’s been extensively covered by the media. It is capable of grabbing passwords stored in popular browsers, cookies, credit card information, and data related to cryptocurrency wallets. Lumma is offered as a service, for a subscription fee ranging between $250 and $1,000.

Downloading malware

The dropper is dubbed PEAKLIGHT. It appears to be brand new, and works as a memory-only dropper: "This memory-only dropper decrypts and executes a PowerShell-based downloader," Mandiant said in a technical write-up.

The researchers saw the dropper in .ZIP archives on the internet, pretending to be pirated movies. These archives contained a Windows shortcut file (.LNK) which, when run, connects to a content delivery network (CDN) hosting obfuscated, memory-only JavaScript.

"PEAKLIGHT is an obfuscated PowerShell-based downloader that is part of a multi-stage execution chain that checks for the presence of ZIP archives in hard-coded file paths," Mandiant added. "If the archives do not exist, the downloader will reach out to a CDN site and download the remotely hosted archive file and save it to disk."
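As an added illustration (not code from Mandiant or from this article), the Python sketch below triages a downloaded ZIP for the delivery pattern described above: a Windows shortcut packaged where a movie file is expected. The media extension list, the function names and the sample archive are assumptions constructed for the example.

```python
import io
import zipfile

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
MEDIA_EXTS = (".mp4", ".mkv", ".avi", ".mov")  # assumed list, extend as needed

def find_shortcuts(zip_bytes):
    """Return [(entry_name, reason)] for entries that are Windows shortcuts."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            head = b""
            if not info.flag_bits & 0x1:  # encrypted entries cannot be read
                with zf.open(info) as fh:
                    head = fh.read(len(LNK_MAGIC))
            by_name = name.endswith(".lnk")
            by_magic = head == LNK_MAGIC
            if not (by_name or by_magic):
                continue
            if by_magic and not by_name:
                reason = "shortcut header under a non-.lnk name"
            elif name[:-4].endswith(MEDIA_EXTS):
                reason = "shortcut posing as a media file"
            else:
                reason = "shortcut inside archive"
            findings.append((info.filename, reason))
    return findings

def build_sample(entries):
    """Constructed test input: build a ZIP in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample({
        "Movie.2024.1080p.mp4.lnk": LNK_MAGIC + b"\x00" * 56,  # constructed
        "readme.txt": b"enjoy",
    })
    for entry, why in find_shortcuts(sample):
        print(f"{entry}: {why}")
```

A hit means the archive should be quarantined rather than opened; a genuine video release has no reason to ship a shortcut.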

Pirated content, including movies, music, software, and books, has been used to distribute malware for years. During the Covid lockdowns, as people were stuck inside and looking for ways to kill the time, many turned to pirated content - and hackers took advantage, distributing cryptocurrency-mining malware via fake film torrents.

The movie John Wick: Chapter 3 - Parabellum, which was a blockbuster hit at the time, was one of the movies used to distribute malware.

Via The Hacker News
