Pirate Bay is a popular movie downloading website. However, users downloading movies from this site are reported to be vulnerable to cryptocurrency theft and phishing activities.

One user under the profile name of ‘0xffff0800’ was the first to bring it to the notice when he explained his experience of downloading ‘The Girl In The Spider’s Web’ from TPB just to be faced with a ‘.LNK’ shortcut has CozyBear malware along with a series of PowerShell directions.

The malware is built to undertake a series of assaulting activities on a user’s computer including breaking Windows Defender and pushing viral extensions in Firefox and Chrome. In this way, it edits the appearance of site pages on a user’s computer system and then starts conducting phishing attacks.

This is different than spoofing in which fake websites are built to fool people as these websites do resemble with the original. However, in the case of websites in question, it is hard to detect them as these websites overlays code over trusted websites.

Usually, the CozyBear malware is used to assault the Windows system, but in this case, it is different.

The ‘.LNK’ shortcut ushers a user to a chain of Powershell commands. These commands end with a payload getting downloaded into the user’s computer system. Once this is done successfully, the hacker gets a chance to disable antivirus software and introduces bad code in Firefox and Chrome.

When the users open any of these two browsers, the recently added viral extensions pervade multiple website pages with modified versions of JavaScript code. Modified JavaScript codes permit hackers to run and edit pages.

The malware keeps an eye of internet searches and tails every changing web results. Advertisements which support the attackers appear far higher on search rankings than they would ever generally come, and disliked products get ranked ahead of popular products.

Most alarmingly, its capacity to edit the web page’s appearance and change its data without attracting the user’s attention, help attackers to steal cryptocurrency. The malware can also replace crypto wallet addresses given by on-web pages that do accept bitcoin payment, so all the bitcoins go to the attacker’s wallet.

The development of this hacking threat underlines the risks innate in acquiring media files through torrent downloads. Torrent users already are facing many security breach threats; additional risk of losing cryptocurrency would affect their decision of using such sites.