216

PSA/HOWTO: Avoid fake mkv torrents. Avoid getting hacked (lemm.ee)

submitted 2 days ago by American_Jesus@lemm.ee to c/piracy@lemmy.dbzer0.com

45 comments fedilink hide all child comments

There are some torrrents showing up with .lnkextension (ex: movie.mp3.lnk, tvshow.mkv.lnk...) and automated software (Sonarr, Radarr, Lidarr, qBittorrent RSS Downloader) could pick those torrents (but not import).

These (fake) torrents include a .lnk file that executes a script on your Windows

HOW TO exclude from download on qBittorrent.

Go to Options -> Downloads
Enable "Exclude file names"
Add patterns:

(one by line)

*.mp4.lnk  
*.mp3.lnk  
*.mkv.lnk
*.torrent.lnk

Or exclude all together: *.lnk

Example on VirusTotal https://www.virustotal.com/gui/file/e74f64df6ebaf3a1b6e3f42591eb6e87d2ac2828eb5a99fd8d3d82c140137fc9/detection

you are viewing a single comment's thread
view the rest of the comments

[-] montar@lemmy.ml 2 points 13 hours ago

yep! I've found out browsing hacking/spamming site and i've found something too good to be true, it downloaded archive nested inside other archive and in it was silngle .lnk file leading to "the resource". Peeking inside i've found powershell executing base64 (or base32?) encoded script (it's got commandline option for that. if you want to ask wtf ask microsoft, and tell me), it dl'd some exe from some site and ran it, site was down alredy.