Fake Sites Distribute Trojans That Install Browser Add-Ons to Steal Private Data
Published on August 12, 2024
Pirates interested in the House of the Dragon show were infected with a Trojan hidden in a non-existing “bonus” episode on torrenting websites. The Game of Thrones prequel series was very popular in pirate circles, and hackers exploited the masses’ interest in this show to distribute malware via pirate sites.
House of the Dragon S02E09 had been uploaded to several popular torrent sites, added through an RSS feed monitored by FlexGet. The file mimics a genuine release, with a file size matching a standard episode and added credibility due to its TorrentGalaxy origin.
While House of the Dragon fans know season 2 has eight episodes, viewers who are not up to date with this information overlook this surprise file with a .mkv extension, which is a universal format for storing multimedia content such as movies and TV shows.
Source: TorrentFreak
However, it hides a malicious Windows shortcut (.LNK) file that triggers Trojan downloads, such as Fragtor, as reported by VirusTotal scans.
Trojans allow attackers to establish remote access connections, harvest system data, download additional malware, perform denial-of-service (DoS) attacks, and more. This type of malware sometimes even installs browser add-ons that steal sensitive user data.
TorrentGalaxy has already deleted the malicious ninth episode, and it banned LNK files from being added to torrents. Yet, House of the Dragon S02E09 is still actively shared by roughly two dozen people.
HBO posted a takedown notice in the Lumen Database, asking Google to remove the allegedly “infringing” link to this fake extra episode via its anti-piracy partner Marketly.