Fake Snow White Movie Torrent Infects Devices With Malware


Disney’s latest Snow White movie, with a 1.6/10 IMDb rating, isn’t just the biggest flop the company has ever released. It’s such an embarrassment that the movie isn’t even available on Disney’s own streaming platform, Disney+.

According to cybersecurity researchers at Veriti, scammers are exploiting the situation by offering pirated versions of Snow White, specifically targeting torrent users and tricking them into downloading malware.

Screenshot credit: Hackread.com via IMDb

The Lure of a Pirated Download

On March 20th, what initially appeared to be a legitimate blog post on the website “TeamEsteem” (teamesteemmethodcom) offered a pirated version of the 2025 Snow White movie. The post provided a magnet torrent link that appeared safe but was actually a trap. Researchers identified the torrent file as a malicious campaign designed to compromise users’ devices.

According to the company’s blog post shared with Hackread.com, the torrent link led to a package of 3 files. While it might have seemed like a standard movie download, it was anything but. Veriti found that 45 people were already sharing or “seeding” the file, which could include both unsuspecting victims and attackers working to spread the trap faster.

A Fake Codec That “Spells” Trouble

When users downloaded the torrent, they didn’t get a movie. Instead, they got a bundle of files, including a README document and a suspicious file named “xmph_codec.exe.” The README claimed the codec file was essential to play the movie, a common trick used in the early days of online piracy to fool users into installing malicious software.

However, in this case, running the “codec” file triggered a chain of malicious actions on the user’s device, including the following:

  • Disables Security: It shuts down Windows Defender and other built-in protections, leaving the device wide open to more attacks.
  • Installs Malware: The file was flagged as malicious by 50 out of 73 security tools on VirusTotal, a popular platform for analyzing suspicious files.
  • Drops More Threats: It quietly adds additional harmful files to the system, setting the stage for further damage.
  • Installs TOR Browser: It downloads and installs the TOR browser, a tool often used to access the Dark Web, without the user’s knowledge.
  • Connects to the Dark Web: The malware communicates with a hidden server on the Dark Web (using a .onion address), making it difficult for security tools to track or block it.

In short, what looked like a free movie exposes users to data theft or potentially ransomware.
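The fake-codec lure described above can be caught before anything is executed by inspecting the torrent's file listing. The following is an added example, not code from Veriti or Hackread; apart from xmph_codec.exe, the file names, sizes, README text and the size threshold are constructed assumptions.

```python
import re
from pathlib import PurePosixPath

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".msi", ".bat", ".cmd",
                   ".ps1", ".vbs", ".js", ".lnk"}
VIDEO_EXTS = {".mp4", ".mkv", ".avi", ".mov", ".wmv", ".m4v"}
LURE_WORDS = re.compile(r"codec|player|decoder|plugin", re.I)
MIN_FEATURE_BYTES = 300 * 1024 * 1024  # assumed floor for a feature-length video


def triage_listing(files, readme_text=""):
    """Return findings for a torrent advertised as a movie.

    files: iterable of (path, size_in_bytes) taken from the torrent metadata.
    readme_text: contents of any bundled README, if already extracted.
    """
    findings = []
    has_plausible_video = False
    for path, size in files:
        name = PurePosixPath(path.replace("\\", "/")).name
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        ext = suffixes[-1] if suffixes else ""
        if ext in VIDEO_EXTS and size >= MIN_FEATURE_BYTES:
            has_plausible_video = True
        if ext in EXECUTABLE_EXTS:
            findings.append(f"executable in media download: {name}")
            if LURE_WORDS.search(name):
                findings.append(f"executable posing as codec/player: {name}")
            if len(suffixes) > 1 and suffixes[-2] in VIDEO_EXTS:
                findings.append(f"double extension hides executable: {name}")
    if not has_plausible_video:
        findings.append("no video file of plausible feature length")
    if re.search(r"(install|run|need|require)\w*[^.\n]{0,60}codec", readme_text, re.I):
        findings.append("README instructs user to run a codec")
    return findings


# Constructed sample: only xmph_codec.exe is a name reported in the article.
SAMPLE = [("Snow.White.2025/README.txt", 412),
          ("Snow.White.2025/xmph_codec.exe", 5_300_000),
          ("Snow.White.2025/sample.dat", 1_048_576)]
SAMPLE_README = "To play this movie you must install the included codec first."

if __name__ == "__main__":
    for finding in triage_listing(SAMPLE, SAMPLE_README):
        print(finding)
```

Any single finding is a reason not to open the download; video files never need a bundled executable to play.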

The malicious post on the TeamEsteem blog and the file breakdown inside the torrent package (Screenshots via: Veriti)

What’s The Connection with TeamEsteem?

TeamEsteemMethod.com is the official website of Team Esteem, LLC, a US-based organization founded by Jamie Levine, dedicated to assisting parents, schools, and educators in addressing various childhood challenges.

Veriti’s team believes the attackers behind this campaign managed to get their malicious blog post onto the TeamEsteem website in one of two ways: either by exploiting a vulnerability in the outdated version of the Yoast SEO plugin or by using stolen admin credentials to access the website.

The vulnerability in question is CVE-2023-40680, found in the outdated version of the Yoast SEO plugin, a popular SEO tool used by over 10 million WordPress websites. Alternatively, the attackers may have logged into the site using stolen admin credentials to post the fake blog entry themselves.

Either way, the attackers used the site as a means to trick users into downloading their malware, banking on the hype around Snow White to draw in victims.

Not The First Time

This isn’t the first time cybercriminals have used pirated movies as bait, and it won’t be the last. High-profile releases like Snow White are prime targets because they attract huge interest, especially when legal options are limited. With no streaming release on platforms like Disney+, many fans turn to torrent sites, hoping to save money or time. But as this campaign shows, there’s no such thing as a “free lunch.”

In the past, attackers have exploited the popularity of movies like John Wick 3, Contagion, Black Widow, Joker, Ford v Ferrari, Pirates of the Caribbean, and many others to distribute malware and ransomware.

The good news? You can still avoid falling into traps by avoiding piracy, being cautious with malicious torrents, keeping your anti-malware updated to detect the latest threats, and using common sense.
