7 comments

  • kristianp 1899 days ago
    This seems to be the original tweet that's the source of the article:

    https://twitter.com/0xffff0800/status/1083585136833179648

    There are a few screenshots in the tweet and the following ones to show how it works.

  • LeoPanthera 1899 days ago
    Was this article written by a markov chain? There's a lot of words there but it doesn't make much sense at all.
    • yqt 1898 days ago
      Machine translation from Chinese I suppose.
  • tobias__ 1899 days ago
    The topics seem interesting but I'm having a lot of trouble parsing the contents of the article

    > The malware launches a Powershell command, which then inserts malicious code into the Firefox browser. The attack is designed to infect movie torrent files and is also meant to infect Windows computers in particular. The point of the attack is to phish for any Bitcoin or Ethereum addresses that the user might have. It’s an advanced virus as it then actually aims to replace these victims addresses with the hacker’s wallet.

    Not sure where torrents come into this at all, for example

    • themodelplumber 1899 days ago
      So far I've got:

      Download a movie --> Magic Happens --> Powershell --> Firefox compromised! --> We infected your torrents! --> Ah, found your crypto. --> Your address is now replaced with my wallet!! Ha ha!

      • Dylan16807 1899 days ago
        Based on the tweets, step two is that the "movie" is actually a shortcut file. The shortcut runs powershell with a short obfuscated command that downloads the malware payload. Then it does a variety of normal malware stuff.
      • rasz 1898 days ago
        except there is no movie
  • kakarot 1899 days ago
    > MacAfee Labs – one of the most well-known cybersecurity companies in the world

    Alright, I'm just gonna stop reading right there. Literally pick any cybersecurity company to quote other than McAfee.

    • ccnafr 1898 days ago
      It said "well-known" not "reliable" or "respected"

      So, it's true. They are very well known.

    • MRD85 1898 days ago
      Are you able to explain what is wrong with McAfee? I'm not knowledgeable in this area.
      • kakarot 1898 days ago
        John McAfee left only a few years into the company, and then McAfee AV slowly morphed into one of the most bloated applications in the business, riddled with spyware. They were one of the first to begin selling customer data. Like Norton, AVG, Avast and others are now doing as well.

        I'm sure McAfee employs a few smart people but the management is radioactive. They simply do not have a cutting-edge security culture and people are their products, not their customers. Like Norton, they employ scare tactics and Dark UI in order to coerce customers into keeping the software installed. They try to worm their way into default installations so that they can exploit a computer for its entire lifetime.

        Kaspersky recently released a security bulletin on crypto mining and theft. They may be Russian but they are a crack security team and I would trust them over any of the other companies I've mentioned.

        https://securelist.com/kaspersky-security-bulletin-2018-stor...

        • MRD85 1898 days ago
          Thank you for the reply. I've only recently started becoming interested in cyber security, I participated in my first CTF late last year. I'm still very uninformed about the wider cyber security culture.
  • walrus01 1899 days ago
    How do you "infect" a .torrent file? Sounds to me it's more like tricking people into running a .exe
  • upofadown 1898 days ago
    After reading the other sources, it appears that this exploits the way Windows executes things without warning the user. You download a video file, you click on it, and Windows unexpectedly executes some hostile code. What the payload does after that isn't really all that interesting, it could be made to do anything.
  • hanselot 1898 days ago
    Honestly, for all the work they did, they deserve it.