PirateMatryoshka Trojan

PirateMatryoshka is a new trojan that has been discovered and this will attempt to phish users and install potentially unwanted programs if unsuccessful.

The trojan is called PirateMatryoshka after the classic Russian stacking doll due to its “seemingly endless stack of functionality”.

It is delivered through disguised torrent files hosted on illegitimate sharing websites. Unlike other malware distributed in this manner, PirateMatryoshka uses established sharers’ files to propagate, increasing the likelihood they are downloaded by other users. When a user attempts to open a spoofed file, PirateMatryoshka will display a fake login window prompting the user to enter their sharing site credentials. It will then use these to create new seed files to propagate to other users.

If no credentials are entered, PirateMatryoshka will instead deploy several additional payloads, using an auto-clicking function to dismiss any warning prompts before the user can see them. At the time of publication, the majority of payloads observed have been adware and click-fraud related, such as pBot, although a significant minority have been more serious malware.

Kaspersky said that compromised accounts were most likely used by the cybercrims to spread more malicious torrents.

Further details – https://securelist.com/piratebay-malware/89740/

The Pirate Matryoshka malware displays phishing windows to steal logins and passwords to Pirate Bay accounts
Fake Piratebay authentication window



Phishing domain


Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: