“CracksNow” Apologizes for Malware Distribution and Claims Accounts Were Hacked

Last updated July 14, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

Last week, multiple torrent websites like 1337x, PirateBay, and TorrentGalaxy banned one of their most prolific and trusted users, CracksNow. The particular uploader has managed to form a large group of followers thanks to the popularity of the software tools that he offered “cracks” for, and so it was a surprise for everyone to see that he has gone rogue, infecting BitTorrent users with dangerous software like the GandCrab ransomware. That said, the possibility of the uploader’s account to have been hacked was high, as this could be a plausible explanation for the sudden shift in his “business model”.

Now, this scenario is further backed by the uploader himself, who has come forth to deny that he purposely distributed malware-ridden torrents, and claiming that his torrent accounts were hacked. Considering the popularity of CracksNow, he is an attractive target that could enable the spreading of ransomware to many thousands within a short period of time before anyone realizes what happened. As the uploader explained to TorrentFreak, he has found that the torrent files on his server featured a different infohash from those found on the torrent sites, so someone had replaced the legit torrent files with malicious ones.

A TorrentGalaxy administrator confirms this scenario after further investigation of the account logs that revealed this deleting-and-replacement procedure. Torrent sites do not feature strong account protection mechanisms, so activities like this are not detected, and the only solution was to ban CracksNow. The uploader took responsibility for the situation anyway, while he is perplexed about how the hackers got their hands to his credentials. As he stated: “It’s my responsibility to keep my account secure and I failed in that. A lot of users who trusted CracksNow got infected and got their files encrypted. I feel really bad about this, and I am sorry to everyone who got infected.”

The ban is not to be lifted no matter how plausible the explanations that were given are, and the “goodies” of CracksNow will be accessible solely through his website from now on. We are by no means suggesting that you should trust the uploader’s homepage, nor encourage you to download cracked software. This is just to give you the other side of the story, as a follow up to last week’s news. Downloading and running software from non-trusted sources involves great risks of getting infected with malware, and no matter who’s to blame, this case is absolutely indicative of this fact.

Do you believe CracksNow’s story, and would you trust his uploads from now on? Let us know where you stand in the comments section beneath, and don’t forget to check out our socials on Facebook and Twitter, for more tech news.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: