Crooks abusing torrent services to distribute malware is not a novelty, Torrent users are often exposed to serious threats such if the one recently spotted by Kaspersky Lab and dubbed by the expert PirateMatryoshka.
The PirateMatryoshka is a new piece of malware hosted by The Pirate Bay torrent tracking website, it has been estimated that it was already downloaded about 10,000 times.
“We noticed that the tracker contained malicious torrents created from dozens of different accounts, including ones registered on TBP for quite some time.” reads the post published by Kaspersky.
“Instead of the expected software, the file downloaded to the user’s computer was a Trojan, whose basic logic was implemented by
Once the malware was downloaded, it installs adware programs and other tools on the users’ computers making it virtually useless. The
Experts noticed that the PirateMatryoshka malware is being distributed by seeders with a good reputation and that
Before performing other actions, the PirateMatryoshka checks that it is running in the attacked system for the first time by analyzing the registry key HKEY_CURRENT_USER\Software\dSet. If the result is negative, the installer access a pastebin.com page to receive a link to the additional module and its decryption key.
The downloader also drops another SetupFactory installer, used to decrypt and run four PE files in sequence.
“The second and fourth of these files are downloaders for the InstallCapital and MegaDowl file partner programs(classified by us as Adware).” continues the experts.
“The other two files are
The PirateMatryoshka malware floods the victim computer with unwanted programs.
Indicators of Compromise are included in the report published by Kaspersky.
Be cautious when using Torrent websites and always check downloaded content for malicious code.