A security company, InfoArmor, has discovered that a tool known as RAUM is spreading malware. The company released a report stating that the malware is targeting popular torrent files.
For those who are wondering what difference this makes when torrents are already illegal, sorry to disappoint, but the torrent files themselves are not illegal, nor is the software that makes use of these files, such as uTorrent and BitTorrent. These are only a means to download those files from a host machine to yours.
!!!Picture: https://www.infoarmor.com/wp-content/uploads/2016/09/Torrent-v-3-3.jpg
Image Source: InfoArmor – A screenshot of the backend system for managing the malicious torrents.
Torrents can be found via many websites hosting those files, such as KickAss Torrents or the Pirate Bay. These files allow users to share video clips, music, games and e-books, among other data. If you are a frequent torrent user, you can tell a genuine torrent from a fake one by analysing the size of that torrent.
!!!Picture: https://www.infoarmor.com/wp-content/uploads/2016/09/Torrent-Flowchart.jpeg
Image Source: InfoArmor – An image showing design and details of its distribution network.
However, according to the findings of InfoArmor, RAUM is the tool that hackers are using to hide the malware code via the uTorrent clients, together with a special kind of system. That system allows hackers to spread seeds for those torrents, utilising dedicated servers along with other infected machines.
The hackers who use this technology use analysis to identify popular movies, music and other online content. Once they have set apart the torrents that are commonly downloaded, they insert the harmful code into them. As said earlier, RAUM is used to infect these torrents via harmful seeds. A seed is a computer that has the complete file for download, while a leech, as you can guess by the name, is the person looking to download the file from the seeders.
!!!Picture: https://www.infoarmor.com/wp-content/uploads/2016/09/Torrent-v-3-2.jpg
Image Source: InfoArmor – A screenshot showing an example of the parsed popular torrent files for further infection in the hackers’ backend system.
However, according to the report by the security company, the hackers used this technology to hack specific accounts in the torrent community, later spreading their malware to the general user. Because most people download torrent files from uploaders with five-star ratings, such as YIFY Torrents for movies, hackers infect these uploaders, which makes it incredibly easy for them to spread the malware.
According to the security firm, a malicious seed can stay alive for more than one and a half months and, if it sits in a popular torrent, can be downloaded thousands of times. The company also says that most of these seeds can be found in gaming torrents, as they are downloaded the most.
InfoArmor further says that in order for the malicious torrents to avoid detection by antiviruses, they are embedded with the ransomware Cerber, CTB Locker and CryptXXX, and a Trojan called Dridex. The company has discovered more than a million devices infected with this torrent cluster of mayhem.
So for now, we recommend not downloading torrents, especially gaming torrents, until a permanent solution is discovered by the companies hosting these torrent files.
Source: InfoArmor, Hackread
This article (Torrent Files Aren’t Safe Anymore – They have RAUM Malware) is free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.