Scammers are capitalizing on the popularity of Leonard DiCaprio’s latest film to try and infect unsuspecting PC users with malware.
Antivirus provider Bitdefender is warning about the threat “after noticing a spike in detections,” suggesting the malware is gaining some traction among Windows users.
The malware is arriving through a torrent for One Battle After Another. Pirated downloads of the film have been circulating on peer-to-peer networks, but this particular torrent installs an infamous remote access Trojan targeting Windows PCs called Agent Tesla.
“This type of malware is designed with a single purpose: to provide attackers with unfettered access to the victim’s Windows computer,” Bitdefender added. “Once they have a foothold, criminals can access the computer remotely and steal financial and personal information or use the device to launch additional attacks.”
The downloaded torrent doesn’t appear to contain a real copy of the critically acclaimed film. Instead, it features a .lnk shortcut file that’s designed to look like a movie launcher.
In reality, the shortcut file will access the included .srt subtitle file in the torrent. Bitdefender found the subtitle file contains some hidden and malicious computer code, alongside the real subtitle text. To install the malware, the attack leverages the built-in Windows tool PowerShell to extract other computer code in the downloaded torrent, including from a fake video file called “One Battle After Another.m2ts” and two other images.
“It’s impossible to estimate how many people downloaded the files, but we saw that the supposed movie had thousands of seeders and leechers,” Bitdefender added.
A Chinese cybersecurity company, Huorong Security, also flagged the threat earlier this month after detecting a user trying to pirate the DiCaprio film. Huorong posted screenshots that appear to show the torrent pretending to offer a 2160p quality version of One Battle After Another. The malware is a reminder to be careful around pirated movies, music, and games, which hackers often exploit use to spread Trojans and other malicious programs to users.
One Battle After Another, which just secured nine Golden Globe nominations, is currently available to rent or buy from platforms like Amazon, but we don’t have a streaming date yet.
About Our Expert
I’ve been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I’m currently based in San Francisco, but previously spent over five years in China, covering the country’s technology sector.
Since 2020, I’ve covered the launch and explosive growth of SpaceX’s Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I’ve combed through FCC filings for the latest news and driven to remote corners of California to test Starlink’s cellular service.
I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. Earlier this year, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.
I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I’m now following how President Trump’s tariffs will affect the industry. I’m always eager to learn more, so please jump in the comments with feedback and send me tips.
-
SpaceX Alleges a Chinese-Deployed Satellite Risked Colliding With Starlink
-
Lawsuit Says ChatGPT Intensified Man’s Paranoia Before He Murdered His Mother
-
SpaceX Quietly Removes $40-Per-Month Starlink Plan in the US
-
Trump Signs Executive Order to Go After ‘Burdensome’ State AI Laws
-
Update Now: Chrome Browser Vulnerable to Mysterious But Active Attack
-
More from Michael Kan
