09 July 19, 06:27
Quote: A botnet dubbed GoBotKR is targeting fans of Korean TV, compromising computers via pirated copies of South Korean movies, games and TV shows available via Korean and Chinese torrent sites. Ultimately, the cybercriminals are building a network that can then be used to perform DDoS attacks of various kinds, according to an analysis from ESET.
While the torrents purport to be pirate versions of real content, they actually contain two malicious files (with deceptive filenames, extensions and icons), in addition to the expected MP4 file. The first is a malicious executable masked as a PMA archive file, with a filename mimicking various codec installers, according to ESET. The second is a malicious LNK file with a filename and icon mimicking the expected video file.
Clicking on the latter executes the malware, while also opening the MP4 and playing the expected content. “Directly opening the intended MP4 file will not result in any malicious action,” the researchers said in a posting on Monday. “The catch here is that the MP4 file is often hidden in a different directory, and users might encounter the malicious LNK file mimicking it first. Further increasing the chance of users falling for the lure is the fact that the extension of the LNK file is normally not displayed when viewed in Windows Explorer.”
SOURCE: https://threatpost.com/gobotkr-pirate-to...et/146285/
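
A defender-side check for the lure described in the quoted article, added here as an example (not code from ESET, Threatpost or the poster): it walks a download folder and flags shortcut files as well as files that carry a Windows executable header under a non-executable extension. The file names, the extension allow-list and the inert sample contents are constructed assumptions.

```python
import os
import tempfile

# Shell Link (.lnk) files start with HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
PE_MAGIC = b"MZ"  # DOS/PE executable header
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".sys"}  # assumed allow-list


def scan_download(root):
    """Return sorted (relative_path, reason) findings for a download folder."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(len(LNK_MAGIC))
            ext = os.path.splitext(name)[1].lower()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if head == LNK_MAGIC or ext == ".lnk":
                # Explorer hides the .lnk extension, so a shortcut can pass for the video.
                findings.append((rel, "shortcut file"))
            elif head.startswith(PE_MAGIC) and ext not in EXECUTABLE_EXTS:
                findings.append((rel, "executable content, non-executable extension"))
    return sorted(findings)


def build_constructed_sample(root):
    """Constructed layout modelled on the article's description; contents are inert."""
    os.makedirs(os.path.join(root, "extras"))
    samples = {
        "episode01.mp4.lnk": LNK_MAGIC + b"\x00" * 56,   # shortcut posing as the video
        "codec_setup.pma": PE_MAGIC + b"\x90" * 62,      # MZ header under a .pma name
        "extras/episode01.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 16,  # real video, tucked away
    }
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for rel, reason in scan_download(tmp):
            print(f"{rel}: {reason}")
```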