Security experts from Symantec are warning PC users about an ongoing malware distribution campaign that leverages interest in game piracy to install PUPs (Potentially Unwanted Programs) on users’ PCs.
The company reports that it has detected websites that offer popular games for download in the form of a fake torrent file. When PC users attempt to download the fake torrent file, they receive a small script that tries to execute automatically. The file uses an icon that looks like the regular logo of the uTorrent BitTorrent client, deceiving users into believing it’s a legitimate torrent file.
Under normal circumstances, the script would be stopped by the Windows UAC (User Account Control) system. The cyber criminals took precautions against this: before the script is downloaded, they give users instructions telling them to allow the script to run despite the UAC warning.
If users allow this, the script opens their browser, navigates to a URL, and downloads another file. This file carries the name of the game the user tried to download via the torrent file, but it is packed as an EXE file. Technical users would usually have spotted that something was wrong with this torrent download routine long before this point; however, these campaigns are never aimed at them.
Hackers are successfully using these tactics against users with less knowledge of modern technologies, or against those who aren’t regular users of BitTorrent software.
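What a technical user would check at this point, as an added example that is not from Symantec's report or this article: a genuine .torrent file is a bencoded dictionary with an `info` section, so a script or EXE served in its place fails to parse. The function names and sample bytes are constructed for illustration, and only BitTorrent v1 metainfo is recognised.

```python
# Added example: function names and sample bytes are constructed, not from the report.
# Assumption: only BitTorrent v1 metainfo (bencoded dict with info/pieces) is checked.
class BencodeError(ValueError):
    """Raised when the bytes are not valid bencoding."""

def _decode(data, i=0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list or dictionary, closed by "e"
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = _decode(data, i)
            items.append(item)
        if c == b"l":
            return items, i + 1
        if len(items) % 2:
            raise BencodeError("dictionary key without value")
        return dict(zip(items[::2], items[1::2])), i + 1
    if c.isdigit():                                # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        n = int(data[i:colon])
        s = data[colon + 1:colon + 1 + n]
        if len(s) != n:
            raise BencodeError("truncated string")
        return s, colon + 1 + n
    raise BencodeError("not a bencoded value")

def inspect_download(data):
    """Return (verdict, reason) for bytes offered as a torrent download."""
    if data[:2] == b"MZ":                          # DOS/PE magic of a Windows EXE
        return "reject", "Windows executable header"
    try:
        meta, end = _decode(data)
    except (ValueError, TypeError, RecursionError):
        return "reject", "not bencoded"
    info = meta.get(b"info") if isinstance(meta, dict) and end == len(data) else None
    if not isinstance(info, dict):
        return "reject", "no info dictionary"
    pieces = info.get(b"pieces")                   # concatenated 20-byte SHA-1 hashes
    if not isinstance(pieces, bytes) or not pieces or len(pieces) % 20:
        return "reject", "no SHA-1 piece hashes"
    return "ok", "BitTorrent v1 metainfo"

# Constructed samples: a minimal valid torrent, a stand-in script, a stand-in EXE.
REAL = b"d4:infod6:lengthi1e4:name8:game.iso12:piece lengthi16384e6:pieces20:" + bytes(20) + b"ee"
SCRIPT = b"// constructed placeholder standing in for the downloaded script\r\n"
EXE = b"MZ" + bytes(62)
```

Running `inspect_download` over a download folder or at a web proxy flags any "torrent" whose content is a script or executable, regardless of the icon or name it is given.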
According to Symantec, the particular EXE file distributed via this recent campaign installs PUPs on users’ computers, in the form of applications that change the user’s default browser search engine and install custom browsers that insert ads into every website.
For the aforementioned campaign, the hackers used lures for games such as World of Warcraft: Legion (Blizzard Entertainment), Assassin’s Creed Syndicate (Ubisoft), The Witcher 3: Wild Hunt (CD Projekt), Tom Clancy’s The Division (Ubisoft), Just Cause 3 (Square Enix), and The Walking Dead: Michonne (Telltale Games).
“Symantec believes that the parties behind this campaign are attempting to fly under the radar by abusing numerous pay-per-install affiliate programs,” the company stated. “While this campaign only spreads PUP downloaders, the same distribution model may be used to deliver additional security risks or even malware.”