International antivirus company ESET warns of a new malware that threatens users of torrent sites.
The malware was named GoBot2/GoBotKR. It is distributed under the guise of various games and applications, pirated copies of movies and TV shows. After downloading such content, the user receives files that are harmless at first glance. However, in reality, they contain malware.
The malware is activated after clicking on the LNK file. After GoBotKR is installed, system information is collected: network configuration data, operating system, processor, and installed antivirus programs. This information is then sent to a C&C server located in South Korea.
The collected data can then be used by attackers when planning certain attacks in cyberspace. These, in particular, can be distributed denial-of-service (DDoS) attacks.
The malware is capable of executing a wide range of commands. Among them: distribution of torrents via BitTorrent and uTorrent, changing the desktop background, copying the backdoor to cloud storage folders (Dropbox, OneDrive, Google Drive) or removable media, starting a proxy or HTTP server, changing firewall settings, enabling or disabling the dispatcher tasks, etc.
It is possible that in the future, infected computers will be combined into a botnet to carry out DDoS attacks.
Source: 3dnews.ru