Ethical Hacking News
A sophisticated malware attack disguised as a fake movie torrent has exposed a complex infection chain that infected devices with the Agent Tesla RAT malware. The malicious torrent file, containing various files including a subtitle file with embedded PowerShell scripts, managed to infect devices and steal sensitive information. Read more about this recent discovery by Bitdefender researchers.
A fake torrent posing as Leonardo DiCaprio's "One Battle After Another" was used in a sophisticated malware attack. The malicious torrent infected devices with the Agent Tesla RAT (Remote Access Trojan). The infection chain extracted and ran PowerShell scripts, which performed various actions on the host device. Agent Tesla is a long-running Windows RAT that steals credentials and captures screenshots. Cybersecurity experts warn users to avoid pirating new movies because of the risk of malware attacks.
A recent discovery by Bitdefender researchers has shed light on a sophisticated malware attack that was disguised as a fake movie torrent for Leonardo DiCaprio's "One Battle After Another". The malicious torrent file, which contained various files including a subtitle file with embedded PowerShell scripts, managed to infect devices with the Agent Tesla RAT (Remote Access Trojan) malware.
The malicious torrent used in the attacks contained various files, including a movie file, a subtitle file, two image files, and a shortcut file posing as a movie launcher. When the CD shortcut was executed, it launched Windows commands that extracted and ran a malicious PowerShell script embedded in the subtitle file between lines 100 and 103.
The extracted PowerShell scripts then acted as a malware dropper, performing various actions on the host such as extracting the One Battle After Another.m2ts file as an archive, creating a hidden scheduled task to run RealtekCodec.bat, decoding embedded binary data from Photo.jpg, writing restored files to the Windows Sound Diagnostics Cache directory, and checking whether Windows Defender was active.
The final stage of the malware infection involved extracting Cover.jpg contents into the Cache directory, including batch files and PowerShell scripts. These extracted files were used to check whether Windows Defender was active, install Go, extract the final payload (AgentTesla), and load it directly into memory.
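A defensive check for the trick described above (script text hidden inside a subtitle file), as an added example that is not from Bitdefender's report or from this site: a Python scanner that parses an .srt file against the SubRip cue grammar (index line, timestamp line, text lines, blank separator) and flags blocks that break it or lines that carry script indicators such as a PowerShell invocation or a long base64-like run. The sample subtitle content and the script-like line in it are constructed for the example, and the indicator list is illustrative rather than a complete signature set.

```python
import re
import sys
from dataclasses import dataclass

# Grammar of an SRT cue: an index line, a timestamp line, one or more text
# lines, then a blank separator. Anything else inside a block is off-grammar.
INDEX_RE = re.compile(r"^\d+$")
TIMESTAMP_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2},\d{3}\s*-->\s*\d{2}:\d{2}:\d{2},\d{3}"
    r"(\s+X1:\d+\s+X2:\d+\s+Y1:\d+\s+Y2:\d+)?$"
)

# Tokens a line of dialogue has no reason to contain. Detection keywords for
# this example only, not an exhaustive signature set.
SCRIPT_RE = re.compile(
    r"\b(powershell|invoke-expression|iex|frombase64string|encodedcommand"
    r"|schtasks|rundll32|cmd\.exe)\b",
    re.IGNORECASE,
)
# A long unbroken base64-looking run is equally out of place in subtitle text.
BASE64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{60,}={0,2}")


@dataclass
class Finding:
    line: int    # 1-based line number in the subtitle file
    reason: str
    text: str


def scan_srt(content: str) -> list[Finding]:
    """Check every block against the cue grammar and every line for script
    indicators; return one Finding per anomaly, in file order."""
    findings: list[Finding] = []
    lines = content.splitlines()
    i, n = 0, len(lines)
    while i < n:
        if lines[i].strip() == "":          # blank separator between cues
            i += 1
            continue
        start = i
        block: list[str] = []
        while i < n and lines[i].strip() != "":
            block.append(lines[i])
            i += 1
        well_formed = (
            INDEX_RE.match(block[0].strip()) is not None
            and len(block) >= 2
            and TIMESTAMP_RE.match(block[1].strip()) is not None
        )
        if not well_formed:
            findings.append(Finding(
                start + 1,
                "block violates SRT cue grammar (index line + timestamp line)",
                block[0]))
        # Content checks run on every line, so a script hidden inside an
        # otherwise valid cue is still caught.
        for offset, text in enumerate(block):
            lineno = start + offset + 1
            hits = sorted({m.lower() for m in SCRIPT_RE.findall(text)})
            if hits:
                findings.append(Finding(
                    lineno, "script indicator(s): " + ", ".join(hits), text))
            if BASE64_RUN_RE.search(text):
                findings.append(Finding(
                    lineno, "long base64-like run in subtitle text", text))
    return findings


def is_clean(content: str) -> bool:
    return not scan_srt(content)


# Constructed stand-in for a script fragment hidden in a cue's text line. The
# base64 blob is filler ("QUFB" repeated), not a payload, and the command is
# deliberately not a working one.
CONSTRUCTED_SCRIPT_LINE = (
    'powershell -NoProfile -Command "IEX ([Convert]::FromBase64String(\''
    + "QUFB" * 16 + "'))\""
)

# Constructed sample: three ordinary cues, one cue carrying the script line
# (line 11) and one stray block that is not a cue at all (line 13).
SAMPLE_SRT = "\n".join([
    "1",
    "00:00:01,000 --> 00:00:04,000",
    "We should be careful here.",
    "",
    "2",
    "00:00:05,500 --> 00:00:08,200",
    "Nobody saw anything.",
    "",
    "3",
    "00:00:09,000 --> 00:00:12,000",
    CONSTRUCTED_SCRIPT_LINE,
    "",
    "cmd.exe /c echo not-a-cue",
    "",
    "4",
    "00:00:13,000 --> 00:00:15,000",
    "Let's go.",
])


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_SRT
    for f in scan_srt(data):
        print(f"line {f.line}: {f.reason}: {f.text[:60]}")
```

Run it with a file path to scan a real subtitle file, or with no arguments to scan the built-in sample. The grammar check alone would pass cue 3, whose index and timestamp are valid; the per-line content check is what flags the script text and the base64 run sitting where dialogue should be, which is the shape of the trick this chain relied on.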
Agent Tesla is a long-running Windows RAT that remains widely used because of its reliability and ease of deployment; it commonly steals browser, email, FTP, and VPN credentials and captures screenshots.
The Bitdefender discovery highlights how complex and stealthy malware delivery has become, with malicious actors exploiting interest in new releases to upload fake torrents that carry malware. Cybersecurity experts warn users to avoid pirating new movies entirely.
Related Information:
https://www.ethicalhackingnews.com/articles/Fake-Movie-Torrent-Exposes-Complex-Malware-Infection-Chain-ehn.shtml
https://www.bleepingcomputer.com/news/security/fake-one-battle-after-another-torrent-hides-malware-in-subtitles/
https://www.bitdefender.com/en-us/blog/hotforsecurity/fake-leonardo-dicaprio-film-torrent-agent-tesla-malware
https://cybersecuritynews.com/beware-of-fake-leonardo-dicaprio-movie/
Published: Fri Dec 12 11:19:40 2025 by llama3.2 3B Q4_K_M