Microsoft has warned users of a significant increase in malware and ransomware embedded into illegal downloads of movies and other media.
With the global COVID-19 pandemic and lockdown in place across many countries, there has been a significant increase in Internet traffic, including the use of pirate streaming services.
“With lockdown still in place in many parts of the world, attackers are paying attention to the increase in the use of pirate streaming services and torrent downloads,” Microsoft Security Intelligence warned on Twitter.
“We saw an active coin miner campaign that inserts a malicious VBScript into ZIP files posing as movie downloads.”
Microsoft Security Intelligence is Microsoft’s global network of security experts, specialising in threat intelligence and security research.
The company said that the campaign has been primarily observed in Spain but has also appeared in some South American countries.
These malicious ZIP files pose as popular Hollywood movies, with file names including “contagio-1080p” and “John_Wick_3_Parabellum”.
“The VBScript runs a command line that uses BITSAdmin to download more components, including an AutoIT script, which decodes a second-stage DLL,” Microsoft said.
“The in-memory DLL then injects a coin-mining code into notepad.exe through process hollowing.”
“The use of torrent downloads is consistent with our observation that attackers are repurposing old techniques to take advantage of the current crisis,” the company added.
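The lure described above is a ZIP that poses as a movie but carries a script. As an added example (not from Microsoft or the original article), this Python sketch triages such an archive without extracting it. The extension lists, the function names and the sample member names are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists: file types Windows runs on double-click, and common video types.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".lnk",
               ".bat", ".cmd", ".ps1", ".exe", ".scr", ".au3", ".a3x"}
VIDEO_EXTS = {".mp4", ".mkv", ".avi", ".mov", ".wmv"}


def triage_zip(data: bytes) -> list[str]:
    """Return findings for an archive that claims to contain a movie."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]
    findings, has_video = [], False
    with zf:
        for info in zf.infolist():  # reads the directory only, extracts nothing
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            if info.is_dir() or not suffixes:
                continue
            ext = suffixes[-1]
            has_video = has_video or ext in VIDEO_EXTS
            if ext in SCRIPT_EXTS:
                findings.append(f"executable content: {info.filename}")
                # e.g. "movie.mp4.vbs": looks like a video when extensions are hidden
                if any(s in VIDEO_EXTS for s in suffixes[:-1]):
                    findings.append(f"video name with script extension: {info.filename}")
    if findings and not has_video:
        findings.append("no video file in archive")
    return findings


def make_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from a name -> content mapping (test helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: harmless placeholder bytes, names chosen for illustration.
SUSPICIOUS = make_zip({"contagio-1080p.mp4.vbs": b"' placeholder, not a real script"})
CLEAN = make_zip({"holiday.mp4": b"\x00" * 16, "holiday.srt": b"1\n"})

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        print(label, triage_zip(blob))
```
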
Increased Internet traffic
Like many other countries affected by the COVID-19 pandemic, South Africa has seen a big increase in Internet traffic following the implementation of a national lockdown to curb the spread of the virus.
IPC usage data from Afrihost shows that South Africans are using far more bandwidth during the day as they are working from home.
The ISP recorded a big increase in bandwidth consumption during the lockdown. There was a 62% increase in usage in the afternoon and a 27% increase in usage at the peak – around 20:00.
This increase in Internet traffic means that there is a higher demand for media across various platforms, including streaming services, social media, and – as noted by Microsoft – piracy.
Another interesting revelation is that there is only one period where pre-lockdown bandwidth use was higher than now – between 06:00 and 07:30.
This illustrates that people are getting up later during the lockdown, which is not surprising as no travel time is needed to start work.
With lockdown still in place in many parts of the world, attackers are paying attention to the increase in use of pirate streaming services and torrent downloads. We saw an active coin miner campaign that inserts a malicious VBScript into ZIP files posing as movie downloads.
— Microsoft Security Intelligence (@MsftSecIntel) April 28, 2020