Leveraging torrents to deploy malware is quite popular. However, a recent campaign has seen fake torrents being flooded onto websites such as The Pirate Bay (TPB). These torrents were found to carry a malware dubbed Pirate Matryoshka. Security firm Kaspersky Labs discovered this malware and its campaign.
How does the malware operate?
Checks for earlier instances - Kaspersky notes that the malware first checks whether it is the first instance of the infection on the compromised system.
The blog highlights, "…PirateMatryoshka verifies that it is running in the attacked system for the first time. To do so, it checks the registry for the path HKEY_CURRENT_USER\Software\dSet. If it exists, further execution is terminated. If the checking result is negative, the installer prods the pastebin.com service for a link to the additional module and its decryption key."
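The first-run marker quoted above is also a usable host indicator for defenders. The following PowerShell script is an added example, not code from Kaspersky's report or from the page; it scans every loaded user hive under HKEY_USERS for the Software\dSet key (HKEY_CURRENT_USER is just an alias for the hive of the logged-on user) and reports what it finds. It assumes it is run with administrative rights so that other users' hives are readable.

```powershell
# Added example: look for the PirateMatryoshka first-run marker key
# (HKEY_CURRENT_USER\Software\dSet, as quoted in the Kaspersky write-up)
# across all user hives currently loaded on this host.
# Assumption: run as an administrator so every HKEY_USERS hive is readable.

$MarkerSubKey = 'Software\dSet'
$Findings = @()

foreach ($Hive in Get-ChildItem -Path 'Registry::HKEY_USERS') {
    # *_Classes hives only hold file-association data; skip them.
    if ($Hive.PSChildName -like '*_Classes') { continue }

    $KeyPath = "Registry::HKEY_USERS\$($Hive.PSChildName)\$MarkerSubKey"
    if (Test-Path -Path $KeyPath) {
        $Key = Get-Item -Path $KeyPath
        $Findings += [PSCustomObject]@{
            UserSid    = $Hive.PSChildName
            KeyPath    = $Key.Name
            ValueNames = ($Key.GetValueNames() -join ', ')
        }
    }
}

if ($Findings.Count -eq 0) {
    Write-Output "No PirateMatryoshka marker key found in any loaded user hive."
} else {
    Write-Warning "PirateMatryoshka marker key present; treat host as suspect and run a full AV scan."
    $Findings | Format-Table -AutoSize
}
```

A hit means the installer has run under that profile at least once, so the host should be isolated and scanned rather than merely cleaned of the key; the malware's own check only tells you that it ran, not what the pastebin-delivered second stage did afterwards. An empty result does not prove the host is clean, because profiles that are not loaded at scan time are not visible under HKEY_USERS.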
Furthermore, it is believed that compromised TPB accounts were used to spread more malicious torrents from affected systems. Thus, Pirate Matryoshka is considered to be more far-reaching than other malware.