Security Affairs
Daxin: 13-Year-Old China-Linked Malware Found Still Active on Manufacturer’s Network|U.S. CISA adds Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog|Ernst & Young (EY) Investigates Data Breach Involving Third-Party Support Tickets|A cyberattack hit Nichirei, one of Japan’s largest food companies|New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT|U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog|Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack|TuxBot v3: The IoT Botnet Built With AI – Bugs, Disclaimers and All|Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign|Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|Daxin: 13-Year-Old China-Linked Malware Found Still Active on Manufacturer’s Network|U.S. CISA adds Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog|Ernst & Young (EY) Investigates Data Breach Involving Third-Party Support Tickets|A cyberattack hit Nichirei, one of Japan’s largest food companies|New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT|U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog|Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack|TuxBot v3: The IoT Botnet Built With AI – Bugs, Disclaimers and All|Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign|Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Crooks spread malware via pirated movies during COVID-19 outbreak

Microsoft warns of a spike in malware spreading via pirate streaming services and movie piracy sites during the COVID-19 pandemic. With most people forced to stay at home due to the ongoing COVID-19 pandemic, the popularity of pirate streaming services and movie piracy sites is rocketed. Crooks are attempting to take advantage of COVID-19 pandemic […]

COVID-19 torrent risks

Microsoft warns of a spike in malware spreading via pirate streaming services and movie piracy sites during the COVID-19 pandemic.

With most people forced to stay at home due to the ongoing COVID-19 pandemic, the popularity of pirate streaming services and movie piracy sites is rocketed.

Crooks are attempting to take advantage of COVID-19 pandemic spreading malware via pirate streaming services and movie piracy sites during the COVID-19 outbreak, Microsoft warns.

Experts observed an ongoing coin miner campaign that injects a malicious VBScript into ZIP files posing as movie downloads.

“The ZIP files pose as popular Hollywood movies with file names like “contagio-1080p”, “John_Wick_3_Parabellum”, “Punales_por_la_espalda_BluRay_1080p”, as well as Spanish titles like “La_hija_de_un_ladron” and “Lo-dejo-cuando-quiera”.” reads the Tweet published by the Microsoft Security Intelligence team.

The campaign primarily targets users in Spain and South American countries, aims to launch a coin-mining shellcode directly in memory. We’re seeing the campaign affecting a wide range of customers, from home users to enterprises.

The attackers behind this campaign are primarily targeting home users to enterprises from Spain and some South America, operators attempt to launch the coinminer directly into the compromised devices’ memory.

Upon executing the VBScript on computers of home users, it will also download additional payloads in the background by abusing living-off-the-land binaries (LOLbins) such as the legitimate command-line BITSAdmin tool.

One of these additional payloads is an AutoIT script that decodes a second-stage DLL into the infected computer’s memory, which loads a third DLL that injects coin-mining code into a notepad.exe process through process hollowing.

“The use of torrent downloads is consistent with our observation that attackers are repurposing old techniques to take advantage of the current crisis,” continues Microsoft.

The abuse of nothing new, however, as high-profile movies and TV shows are frequently used as social engineering baits promising early previews either in the form of malicious files disguised as early released copies or fake streaming sites.

In March 2019, Cybaze-Yoroi Z-Lab researchers conducted a study on the risks related to the use of the BitTorrent protocol to download movies, games or pirated software. The analysis shed light on the risk faced by users while searching for movies, games, and software on popular BitTorrent trackers. The experts analyzed dozens of torrents and discovered that most of them were delivered in bundle with malware or Adware, exposing at risk of infection the average user with a few interactions.

In this analysis, researcher downloaded torrents belonging to 3 different categories of interest: Movies, Games and Software

To avoid being infected with malware, home users are recommended to access only legal streaming platforms.

Please give me your vote for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS
https://docs.google.com/forms/d/e/1FAIpQLSe8AkYMfAAwJ4JZzYRm8GfsJCDON8q83C9_wu5u10sNAt_CcA/viewform

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – pirate streaming services, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]