Snow White — Beware the Bad Apple in the Torrent

March 27, 2025, 2:21 p.m.

Description

A new malware campaign is targeting users attempting to download the Snow White movie through torrent sites. The attackers exploit a compromised blog to distribute a malicious torrent package disguised as a pirated version of the film. The package contains a fake codec installer that, when executed, deploys sophisticated malware. This malware disables security features, installs the Tor Browser, and communicates with a Dark Web C2 server. The campaign revives old social engineering tactics while incorporating modern malware delivery methods and anti-detection techniques. The article provides file hashes and IoCs for detection, emphasizing the ongoing risks associated with pirated content and the importance of updated security measures.

Date

  • Created: March 27, 2025, 11:03 a.m.
  • Published: March 27, 2025, 11:03 a.m.
  • Modified: March 27, 2025, 2:21 p.m.

Attack Patterns

  • T1102.003
  • T1573.002
  • T1059.001
  • T1547.001
  • T1095
  • T1071.001
  • T1562.001
  • T1204.002