Illegal Downloads of ‘One Battle After Another’ Contain Dangerous Malware




One Battle After Another has been hailed as one of the best movies of the year, generating Oscar buzz in every major category. But if you’re hoping to watch the film at home, it’s best to steer clear of illegal downloads, particularly in this case. Security researchers have discovered malware in some torrents of the movie that can turn any Windows PC into a zombie agent.

Bitdefender reports that some torrents of One Battle After Another currently available online contain PowerShell scripts and image archives that, when executed, build a memory-resident command-and-control (C2) agent. Users who download the torrent files are expecting a video file, but they’re actually getting a Remote Access Trojan (RAT) that’s been dubbed Agent Tesla.

Put simply, the file can give hackers complete access to your computer, where they can steal all kinds of personal and financial data. Or they can use your computer to infiltrate other computers.

“The Agent Tesla RAT itself is not novel, but the deployment of consecutive attack methods leveraging PowerShell and other LOTL (Living Off the Land) tools is highly interesting,” the post from Bitdefender explains. “According to our insights, this particular type of attack has been used only in this torrent download.”

Once a user has downloaded the torrent folder, they’re directed to open CD.lnk to launch the movie. The malicious scripts are hidden inside the subtitles file, labelled Part2.subtitles.srt, and are executed after the user tries to open the film. The subtitles file actually contains real subtitles, but lines 100 to 103 contain batch code that starts the attack on the user’s computer, according to Bitdefender.

Hiding malicious code in subtitles files has been a known method of deploying malware since at least 2017, but these specific methods are new. Bitdefender notes that Agent Tesla has been used in the past through email phishing attempts in 2023 and COVID-19 vaccination registration information in 2021.

Experienced media pirates are unlikely to fall for this attack, since executing a strange program is unnecessary for watching movies, which are typically distributed illegally with file types that include .mp4 and .mkv. This torrent is “directed at novices who don’t often download pirated content or understand the dangers of torrents,” according to Bitdefender, which makes sense given the hype around this movie. Something this popular is likely to get newbie pirates just looking for a free way to check it out.
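The two warning signs described above, a launcher file where a video should be and command text sitting inside a subtitles file, can be checked before anything is opened. The following is an added example, not code from Bitdefender or from the original article; the marker patterns, the extension list, the file name video.mkv and the sample subtitle text are all constructed assumptions.

```python
import os
import re

# Structural SRT line: "HH:MM:SS,mmm --> HH:MM:SS,mmm".
TIMING = re.compile(r"^\d{2}:\d{2}:\d{2}[,.]\d{3}\s+-->\s+\d{2}:\d{2}:\d{2}[,.]\d{3}")

# Assumed heuristic markers of batch/PowerShell text; not taken from the report.
SUSPICIOUS = re.compile(
    r"\b(?:powershell|pwsh|certutil|mshta|rundll32|regsvr32|bitsadmin|findstr|iex|"
    r"invoke-expression|frombase64string)\b"
    r"|\bcmd(?:\.exe)?\s*/[ck]\b"
    r"|^\s*@echo\s+off\b|^\s*set\s+\w+=|%~[a-z0-9]+|%[a-z_][a-z0-9_]*%",
    re.IGNORECASE,
)

# Assumed list of file types that run code instead of playing media.
LAUNCHER_EXT = {".lnk", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta", ".scr", ".exe"}

def scan_srt(text):
    """Return (line_number, line) for cue-text lines that look like commands."""
    hits = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip("\ufeff \t\r")
        if not line or line.isdigit() or TIMING.match(line):
            continue  # blank separator, cue index or timing line
        if SUSPICIOUS.search(line):
            hits.append((number, line))
    return hits

def launcher_files(names):
    """Return the names whose extension marks them as executable launchers."""
    return [n for n in names if os.path.splitext(n)[1].lower() in LAUNCHER_EXT]

# Constructed sample: harmless echo commands placed where cue text belongs.
SAMPLE_SRT = """\
1
00:00:01,000 --> 00:00:03,000
Set the table, the guests are here.

2
00:00:04,000 --> 00:00:06,000
cmd /c echo constructed-sample

3
00:00:07,000 --> 00:00:09,000
powershell -NoProfile -Command "Write-Output constructed"
"""
```

Calling `launcher_files(["CD.lnk", "Part2.subtitles.srt", "video.mkv"])` returns only the shortcut, and `scan_srt(SAMPLE_SRT)` reports lines 7 and 11 while leaving the ordinary dialogue on line 3 alone.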

The film was directed by Paul Thomas Anderson and has an incredible ensemble cast including Leonardo DiCaprio, Sean Penn, Regina Hall, Benicio del Toro, Teyana Taylor, and newcomer Chase Infiniti. New York Film Critics Circle named it best picture of the year. The film picked up nine nominations at the London Critics’ Circle Film Awards, which were announced Monday, the most of any film. And it’s expected to do exceptionally well during the next Academy Awards ceremony in March.

HBO Max also announced Monday that the film will be streaming on the platform starting Dec. 19. So there’s no excuse to torrent the film. Especially when it might turn your computer into a malware-infected zombie.


