Alert on illegal movie download: This new virus can 'destroy' your Windows PC/laptop


A new type of malware called Peaklight is targeting people who download movies from illegal sites. This "next-stage" malware aims to infect Windows computers, ultimately deploying information stealers and loaders. Security researchers at Google's cybersecurity company Mandiant have warned that visiting illegal movie sites carries significant risks, including legal consequences and exposure to malware like Peaklight.

What is the “Peaklight” malware

In a blog post, Mandiant claims that Peaklight is a new and stealthy malware that operates entirely within a computer's memory, leaving no trace on the hard drive, which makes it difficult to detect. Security researchers claimed that this malware is designed to discreetly download additional harmful software onto infected Windows systems.
"This memory-only dropper decrypts and executes a PowerShell-based downloader. This PowerShell-based downloader is being tracked as PEAKLIGHT," Mandiant noted.

Mandiant explained that Peaklight uses a covert PowerShell script to deploy additional malware onto infected systems. This method facilitates the distribution of harmful programs such as Lumma Stealer, Hijack Loader, and CryptBot. These programs are offered as services for rent, enabling cyber attackers to steal information or take control of compromised computers.

How hackers can use Peaklight to infect Windows PCs

As per the report, cybercriminals are spreading the malware through fake movie downloads. For this, hackers are hiding dangerous Windows shortcut files (LNKs) within ZIP folders disguised as popular films.

Once opened, the LNK file triggers the following chain reaction:

  • Connection to a hidden source: It connects to a content delivery network (CDN) that conceals harmful JavaScript code. This code executes directly in a computer's memory, leaving no trace on the system’s hard drive.
  • Unleashing the malware downloader: The JavaScript then activates a PowerShell script named Peaklight.
  • Downloading more threats: Peaklight acts as a downloader, retrieving additional malware from a remote server. This could include dangerous programs like Lumma Stealer, Hijack Loader, and CryptBot, which can steal user data or give attackers control of the user's computer.

The report noted that the malware was particularly stealthy because it operates entirely within the computer's memory (RAM). This makes it very difficult for traditional antivirus software to detect, as most antivirus programs primarily scan the user’s hard drive for threats.
Mandiant researchers Aaron Lee and Praveeth D'Souza said: "PEAKLIGHT is an obfuscated PowerShell-based downloader that is part of a multi-stage execution chain that checks for the presence of ZIP archives in hard-coded file paths. If the archives do not exist, the downloader will reach out to a CDN site, download the remotely hosted archive file and save it to disk."
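As an added defender-side example (not code from the article or from Mandiant), the following Python check targets the delivery vector described above: ZIP archives carrying Windows shortcut (.lnk) files named like films. It flags members both by the .lnk extension (including the "film.mp4.lnk" double-extension trick) and by the Shell Link header bytes, so a shortcut renamed to a media extension is still caught; the sample archive and its file names are constructed inline for the demonstration.

```python
import io
import zipfile
from dataclasses import dataclass

# A Windows Shell Link (.lnk) file starts with HeaderSize 0x4C followed by the
# ShellLink CLSID 00021401-0000-0000-C000-000000000046 in little-endian form
# (MS-SHLLINK). Matching on these bytes defeats simple extension renaming.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
MEDIA_EXTS = (".mp4", ".mkv", ".avi", ".mov", ".m4v")


@dataclass
class Finding:
    name: str
    reason: str


def scan_zip(zip_bytes: bytes) -> list[Finding]:
    """Flag ZIP members that are Windows shortcuts, by name or by content."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            lower = info.filename.lower()
            # Read only the header-sized prefix; no need to extract the member.
            head = zf.open(info).read(len(LNK_MAGIC))
            if lower.endswith(".lnk"):
                if lower[:-4].endswith(MEDIA_EXTS):
                    findings.append(Finding(info.filename, "shortcut disguised as media file (double extension)"))
                else:
                    findings.append(Finding(info.filename, "shortcut file inside archive"))
            elif head == LNK_MAGIC:
                findings.append(Finding(info.filename, "shortcut content under non-.lnk name"))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: a film-named shortcut, a renamed shortcut, and a benign file."""
    fake_lnk = LNK_MAGIC + b"\x00" * 60  # header bytes plus padding, not a real shortcut
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Popular.Film.2024.1080p.mp4.lnk", fake_lnk)
        zf.writestr("sample.mkv", fake_lnk)
        zf.writestr("README.txt", b"not a shortcut")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_archive()):
        print(f"{finding.name}: {finding.reason}")
```

The same check can be run over archives in a download folder or at a mail or web gateway, where a shortcut file inside a supposed movie archive has no legitimate reason to appear.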

Article From: timesofindia.indiatimes.com