Sathurbot backdoor trojan uses torrents as a delivery medium to compromise weak WordPress administrator accounts.
Looking to download a movie or software without paying for it? There might be associated risks. Your favourite search engine may return links to torrents on sites that normally have nothing to do with file sharing, and when you start the download in your favourite torrent client, you will find the file is well-seeded and thus appears legitimate.
If you download the movie torrent, its content will be a file with a video extension accompanied by an apparent codec pack installer and an explanatory text file. The malicious payload is embedded in the “codec pack installer”, and running it infects the victim’s computer.
The infected computer is then remotely controlled by the attackers and used as part of a botnet, to try to break into various other websites. Through examination of logs, system artefacts and files, ESET researchers found that the current botnet consists of over 20,000 infected computers and has been active since at least June 2016.
ESET Ireland recommends that users avoid running executables downloaded from sources other than those of respected developers, and avoid downloading files from sites not designed primarily as file-sharing sites.
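A pre-download check for the lure layout described above (a video file shipped with an executable “codec pack installer”), as an added example that is not from ESET's analysis: it parses a .torrent file's metadata and lists any executables bundled with video content. The extension sets, function names and sample file names are assumptions constructed for illustration.

```python
import os

VIDEO_EXT = {".avi", ".mkv", ".mp4", ".mov", ".wmv"}          # assumed list
EXEC_EXT = {".exe", ".msi", ".scr", ".bat", ".cmd", ".com"}   # assumed list

def bdecode(data, i=0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list or dict, closed by 'e'
        i, items = i + 1, []
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        value = items if c == b"l" else dict(zip(items[0::2], items[1::2]))
        return value, i + 1
    colon = data.index(b":", i)                    # byte string: <len>:<bytes>
    end = colon + 1 + int(data[i:colon])
    return data[colon + 1:end], end

def bencode(v):  # minimal encoder, used only to build the constructed sample
    if isinstance(v, int):
        return b"i%de" % v
    if isinstance(v, bytes):
        return b"%d:%s" % (len(v), v)
    if isinstance(v, list):
        return b"l" + b"".join(map(bencode, v)) + b"e"
    return b"d" + b"".join(bencode(k) + bencode(x) for k, x in sorted(v.items())) + b"e"

def torrent_files(torrent_bytes):
    """Return the relative file paths listed in a .torrent's info dictionary."""
    info = bdecode(torrent_bytes)[0][b"info"]
    if b"files" not in info:                       # single-file torrent
        return [info[b"name"].decode("utf-8", "replace")]
    return ["/".join(p.decode("utf-8", "replace") for p in f[b"path"])
            for f in info[b"files"]]

def lure_executables(torrent_bytes):
    """Executables shipped alongside video content; empty list if none."""
    ext = lambda name: os.path.splitext(name.lower())[1]
    names = torrent_files(torrent_bytes)
    has_video = any(ext(n) in VIDEO_EXT for n in names)
    return [n for n in names if has_video and ext(n) in EXEC_EXT]

def sample(paths):
    """Constructed multi-file torrent metadata; names are illustrative only."""
    files = [{b"length": 1, b"path": [p.encode()]} for p in paths]
    return bencode({b"info": {b"name": b"Movie", b"files": files}})
```

Calling `lure_executables(sample(["movie.avi", "codec_pack_installer.exe", "readme.txt"]))` returns the installer's path; for a real download, pass the bytes of the `.torrent` file instead.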
The full analysis of the Sathurbot attack is available on ESET Ireland’s official blog.