South Korea website is used to host viruses and distribute them via torrents
Date: 2021-10-22
A malware distribution campaign in South Korea is disguising remote access trojans as a game for adult audiences, shared via a file hosting service such as WebHard and via torrents.
WebHard is a popular online hosting service in South Korea that allows users to download the files stored on it directly, that is, without the use of third-party programs. Download links are often shared via communication networks such as Discord or social media posts.
Criminals are using these links, along with torrents, to covertly share files that infect victims’ computers with remote access trojans (RATs), such as njRAT and UDP RAT, in the form of an adult game. Remote access trojans are threats that, after infection, can be controlled by attackers remotely.
njRAT and UDP RAT are threats that can log keystrokes on an infected computer, take screenshots of the device and also modify the Windows registry so that they stay in the system longer, undetected. In addition, they also make connections to command and control servers, and are thus able to send the stolen data to the criminals responsible and download other malicious agents to infected computers.
The malicious file after being unzipped. (Image: Playback/BleepingComputer)
The supposed game comes compressed. Once it is unzipped, it contains an executable file called game.exe, which is in fact the digital threat. When it is executed, the computer is infected and a new game.exe file is created that actually runs the game, which keeps users from becoming suspicious.
Dangers of torrent and hosting services
Although criminals use numerous ways to infect victims’ systems, file storage services and torrents have been an effective form of infection for years.
Both torrents and online file storage services are unregulated, making it possible for threats to be made available with little danger of being removed. In addition, even though the attack focuses on users in South Korea, nothing prevents users in Brazil from downloading the malicious files, especially when torrents are shared, which brings the threat to the country.
For better security, we recommend avoiding downloads via torrents or file hosting services. It is always preferable to use reputable and trustworthy websites to get files shared on the internet. And in the case of games, beware of titles that seem to have come out of nowhere, without press coverage, as the title can be a scam in disguise.
Source: BleepingComputer
