Security News Campaign Using Fake Gaming Torrents Ramps Up, Spreads Malicious PUAs

Jack



Symantec security researchers are warning of an ongoing malware distribution campaign that leverages interest in gaming piracy to install PUAs (Potentially Unwanted Applications) on users' PCs.


The company detected websites offering popular games for download in the form of a fake torrent file. When users attempted to download this fake torrent file, they would receive a small script that tried to execute automatically.

This file uses an icon that looks like the regular logo of the uTorrent BitTorrent client, making users believe it's a legitimate torrent file.

Windows UAC would be able to stop the attack, if not for users

In normal circumstances, the script would be stopped by the Windows UAC (User Access Control) system. The hackers took precautions against this by providing instructions prior to the script's download, telling users they have to allow the script to run, despite the UAC warning [pictured below].

If users allow this, the script would open the user's browser, navigate to a URL, and download another file.

This file contains the name of the game the user tried to download via the torrent file but packed as an EXE file.

Read more: Campaign Using Fake Gaming Torrents Ramps Up, Spreads Malicious PUAs
 
This is where virtualization (light or full-blown) can save the day, but better would be to avoid piracy or stay cautious with torrent downloads. Trying to save a few bucks might as well cost you something.
 
Noticed this a couple of months ago while searching for some infection. On PirateBay, there were a lot of fake torrents. I saved a picture.



23 MB Battlefield 3 game :). When I executed that file, it installed a bunch of PUAs.

Notice the number of people that downloaded it :D
 
Windows UAC would be able to stop the attack, if not for users

Yes, for basic protection; however, threats are already smarter, as in ransomware, which can easily bypass UAC even if you click No.

So at that point, 3rd party programs must be enforced.

For torrents, the number of seeders + knowledge of the size of the file you want to install, in order to avoid issues. A typical torrent user should know this.
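
An added example, not from the article or any poster in this thread: a pre-open check for a downloaded ".torrent" that covers both points raised above, namely a download that is really a script or EXE, and a payload size far too small for the game. The names `bdecode` and `triage`, the sample bytes and the 10 GiB threshold are assumptions made for illustration.

```python
def bdecode(data, i=0):
    """Minimal bencode decoder: returns (value, next_index), raises on bad input."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list or dictionary
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)            # raises at end of input
            items.append(value)
        if c == b"l":
            return items, i + 1
        if len(items) % 2:
            raise ValueError("dictionary key without value")
        return dict(zip(items[0::2], items[1::2])), i + 1
    if c.isdigit():                                # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        start = colon + 1
        end = start + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated string")
        return data[start:end], end
    raise ValueError("not bencode")

def triage(data, expected_min_bytes):
    """Return findings; an empty list means plausible torrent metainfo."""
    if data[:2] == b"MZ":
        return ["Windows executable (MZ header), not a torrent"]
    try:
        meta, end = bdecode(data)
        info = meta[b"info"]
        files = info.get(b"files") or [info]       # multi-file or single-file
        total = sum(f[b"length"] for f in files)
    except (ValueError, KeyError, TypeError, AttributeError, RecursionError):
        return ["not valid torrent metainfo (script or other file type?)"]
    findings = []
    if end != len(data):
        findings.append("trailing data after metainfo")
    if total < expected_min_bytes:
        findings.append(f"payload is {total} bytes, expected >= {expected_min_bytes}")
    return findings

# Constructed samples (not real files): a script, a PE stub, a 23 MB "game".
SCRIPT = b'WScript.Echo "constructed sample"'
PE_STUB = b"MZ\x90\x00"
SMALL = b"d4:infod6:lengthi24117248e4:name13:Battlefield 3ee"
MIN_GAME_BYTES = 10 * 1024**3   # assumed lower bound for a full game install
```
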