Beware of infected torrents on popular trackers

If you have never downloaded a pirated game or program and do not plan to in the future, you can sleep well. For everyone else who dabbles in piracy, we want to point out that, apart from law enforcement agencies, organized criminals are hunting them too.

Cybercriminals are constantly looking for better ways to infect their victims. Sending files by e-mail, downloads triggered through browser bugs and ordinary social engineering tricks are all quite popular, but they are not the only distribution methods. Infected files distributed over p2p networks are also growing in popularity, and organized crime groups have special tools to facilitate mass infection of Internet users.

RAUM, a machine for distributing malicious files

InfoArmor has described an interesting tool used by criminals: a platform dedicated to managing the process of infecting torrent users. Its first element is a set of machines that monitor the popularity of individual torrents containing executable files. The torrents gaining new downloaders fastest are selected for the infection process. The downloaded data is bundled with additional malware and shared under similar or identical names. The criminals have an extensive network of servers ensuring fast access to the infected packages, and they place their releases on the most popular trackers. The final stage is monitoring how well antivirus products detect the malware: when the detection level gets too high, the package is dropped and resources are moved to other files.

In addition to their own accounts set up on various websites, the criminals often use accounts stolen from other users, exploiting their reputation. The authors of the study estimate the number of infected users in the tens of thousands. Because packages and publishing accounts change often, we cannot show you a method of identifying infected files, so we recommend extreme care.

