Illegal movie downloads could be hiding dangerous new malware

Illegal movie sites are not the best places to visit on the internet. The fact that they are illegal should tell you that. While the legal consequences of pirating content are a big concern, you also risk getting malware, and not just any malware. Security researchers have identified a type of malware targeting illegal movie downloaders, known as Peaklight, classified as next-stage malware. 

Its ultimate goal is to infect Windows systems with information stealers and loaders. Below, you’ll find more details about Peaklight, along with tips to stay protected.

What is Peaklight?

Peaklight is a new type of malware that works only in your computer’s memory and doesn’t leave a trace on your hard drive. It’s designed to secretly download other harmful software, according to Mandiant, a cybersecurity company owned by Google.

“This memory-only dropper decrypts and executes a PowerShell-based downloader,” Mandiant said. “This PowerShell-based downloader is being tracked as PEAKLIGHT.”

Mandiant explains that Peaklight uses a hidden PowerShell script to download more malware. Some of the dangerous programs spread this way include Lumma Stealer, Hijack Loader and CryptBot, which are sold as services that hackers can rent to steal information or control computers.

How does it infect your computer?

The attack starts when someone downloads a Windows shortcut file (LNK), often while searching for pirated movies. These files are hidden inside ZIP folders that pretend to be movie downloads.

When the LNK file is opened, it connects to a content delivery network (CDN) that hides harmful JavaScript code, which runs only in your computer’s memory. This code then runs a PowerShell script called PEAKLIGHT, which connects to a remote server to download more harmful software.

Peaklight is designed to run entirely in your computer’s memory, which makes it much harder for antivirus software to detect. Since it doesn’t leave traces on storage, the antivirus would need to scan the memory (RAM) to catch it.

“PEAKLIGHT is an obfuscated PowerShell-based downloader that is part of a multi-stage execution chain that checks for the presence of ZIP archives in hard-coded file paths,” Mandiant researchers Aaron Lee and Praveeth D’Souza said.

“If the archives do not exist, the downloader will reach out to a CDN site and download the remotely hosted archive file and save it to disk.”

6 ways to protect yourself from malware

1) Avoid downloading pirated content: Stick to legal platforms for movies, music and software. Pirated sites are high risk because they often disguise malware as legitimate content. Even searching for a movie on search engines can lead you to dangerous sites that trigger drive-by downloads.

2) Keep your operating system and software updated: Regularly update your Windows OS, antivirus software, browsers and other applications. Security patches are released to fix vulnerabilities that malware like Peaklight can exploit. Enabling automatic updates is the best way to stay ahead of these threats.

3) Use strong antivirus software: A strong antivirus program is your first line of defense. Choose one that includes real-time scanning, memory scanning and behavioral analysis. Many modern antiviruses scan not only files but also your computer’s memory (RAM), which is where Peaklight hides.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices

4) Be cautious of suspicious links and files: Don’t click on unknown links, especially if they offer free movies, games or other attractive content. Similarly, avoid downloading files from untrusted websites, even if they seem to be harmless ZIP folders.

5) Use strong passwords and two-factor authentication: Secure your online accounts by using strong, unique passwords for each account and enabling two-factor authentication. This ensures that even if some malware like information stealers try to grab your login data, they can’t access your accounts without the extra verification step. You can also use a password manager to generate and store your passwords securely.

6) Be wary of compressed files (ZIP, RAR): Compressed files are a common method for hiding malware. Even if they appear to be pirated movies, they could contain LNK files or other malicious scripts. Always scan these files with your antivirus before opening them.
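A sketch of the check tip 6 describes, added here as an example and not taken from the article or from Mandiant: it lists a ZIP's entries without extracting them and flags shortcuts and scripts, including names that put a media extension in front of the real one. The extension lists and the sample file names are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists (not from the article): extensions Windows will execute or
# hand to a script host, and extensions a real video download would carry.
RISKY_EXT = {".lnk", ".js", ".jse", ".vbs", ".hta", ".ps1", ".bat", ".cmd", ".exe", ".scr"}
MEDIA_EXT = {".mp4", ".mkv", ".avi", ".mov"}

def audit_archive(source):
    """Inspect a ZIP without extracting it. `source` is a path or file object.

    Returns a list of (entry_name, reason) for entries that warrant attention.
    """
    findings = []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            if not suffixes or suffixes[-1] not in RISKY_EXT:
                continue
            if any(s in MEDIA_EXT for s in suffixes[:-1]):
                reason = "executable type disguised with a media extension"
            elif suffixes[-1] == ".lnk":
                reason = "Windows shortcut inside an archive"
            else:
                reason = "script or executable inside an archive"
            findings.append((info.filename, reason))
    return findings

def build_sample_zip():
    """Constructed sample: harmless placeholder bytes, names mimic the lure."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Movie.2024.1080p/Movie.2024.1080p.mp4.lnk", b"placeholder")
        zf.writestr("Movie.2024.1080p/Watch Online.lnk", b"placeholder")
        zf.writestr("Movie.2024.1080p/readme.txt", b"placeholder")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, reason in audit_archive(build_sample_zip()):
        print(f"{name}: {reason}")
```

An archive that claims to be a movie but contains only shortcuts and no video file is the pattern described above; a clean result here does not replace the antivirus scan.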

Kurt’s key takeaway

The idea of pirating content can be tempting. With so many streaming services and subscriptions out there, it’s impossible to have them all, which makes piracy seem like an option worth considering. But it’s better to pay up or watch something else. You don’t want your computer to be infected by malware and risk losing your money and personal data.

Have you ever been tempted to use illegal streaming or download sites? What stopped you (or didn’t)? Let us know by writing us at Cyberguy.com/Contact.

Copyright 2024 CyberGuy.com. All rights reserved.