The Pirate Bay, which has been closed many times, is still the world’s largest collection centre for pirated movies. The website is uploaded by users to download pirated movie download links. It is also because the Pirate Bay is very popular, so the hacker gang is also eyeing the site, inducing users to download the virus by issuing a fake movie download address.
Some researchers have downloaded an official trailer for hacking movies in The Pirate Bay. The file contains a shortcut that requires the user to click to download. The actual shortcut calls PowerShell to execute a script command to download a malicious module, and the user may be unknowingly infected with malware.
Security researchers say the shortcut can bypass most security software, so even if users have security software installed, it won’t help. If the user actually runs the shortcut, then the system will download multiple malicious modules, each of which is used to perform different tasks in a targeted manner. The loaded virus module first modifies the registry to disable Windows Defender protection and then starts installing malicious extensions to Google and Firefox.
The installed malicious extensions are extremely rich in features such as inserting online ads in Google Search and the Russian Yandex search engine to monetize.
If the user opens Wikipedia, they will be redirected to the Wikipedia Donation page to induce users to pay wiki donations to the hacker’s Bitcoin wallet. In addition, if the user attempts to send Bitcoin or Ethereum, then the receiving wallet address will also be tampered with, and the user will pay the hacker if he does not pay attention.