PirateMatryoshka Trojan

PirateMatryoshka is a new trojan that has been discovered and this will attempt to phish users and install potentially unwanted programs if unsuccessful.

The trojan is called PirateMatryoshka after the classic Russian stacking doll due to its “seemingly endless stack of functionality”.

It is delivered through disguised torrent files hosted on illegitimate sharing websites. Unlike other malware distributed in this manner, PirateMatryoshka uses established sharers’ files to propagate, increasing the likelihood they are downloaded by other users. When a user attempts to open a spoofed file, PirateMatryoshka will display a fake login window prompting the user to enter their sharing site credentials. It will then use these to create new seed files to propagate to other users.

If no credentials are entered, PirateMatryoshka will instead deploy several additional payloads, using an auto-clicking function to dismiss any warning prompts before the user can see them. At the time of publication, the majority of payloads observed have been adware and click-fraud related, such as pBot, although a significant minority have been more serious malware.

Kaspersky said that compromised accounts were most likely used by the cybercrims to spread more malicious torrents.

Further details – https://securelist.com/piratebay-malware/89740/

The Pirate Matryoshka malware displays phishing windows to steal logins and passwords to Pirate Bay accounts
Fake Piratebay authentication window

IOCs

66860309953dc7cd7faee88ec90a81f6
7576b8677975261fbb1e799d0231ec01
64dc8f3197607dbf652b985edb99ad4e
035cff7c52460a69f77a0a09db05a6f7
a85f90f07dd9e8aab51c65d8287ec6be
a857ae5cb87b23359ed70b8177aa44d3
45d4df9b38a8f8da385714f32415cd34

Phishing domain

www.mobilekey[.]pw



Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: