Be careful with what you torrent. A new tool on the black market is helping hackers distribute malware through torrent files in exchange for a fee.
On Tuesday, security researchers at InfoArmor said they discovered the so-called "RAUM" tool in underground forums. It leverages torrenting – a popular file-sharing method associated with piracy – to spread the malware. Popular torrent files, especially games, are packaged with malicious coding and then uploaded for unsuspecting users to download.
Using torrents to infect computers is nothing new. But the makers of the RAUM tool have streamlined the whole process with a "Pay-Per-Install" model, according to InfoArmor. RAUM's developers have created a slick interface for their product. It can monitor the status of the malicious torrent files over popular sites such as The Pirate Bay and ExtraTorrent, which often act as a directory for users to download pirated content.
"In some cases, the lifespan of these seeded malicious files exceeded 1.5 months and resulted in thousands of successful downloads," InfoArmor said. Customers of the tool have frequently been using it to package malware with PC-based online games for both Windows and Mac.
To infect more users, the makers of RAUM were also on the lookout for known uploaders of torrent files. They would then hijack their accounts, and use them to spread even more malicious torrent files. The RAUM tool has been found distributing ransomware such as CryptXXX, in addition to the Trojan Dridex – which can steal a user's banking credentials – and the password-lifting Pony spyware.
The makers of RAUM are believed to be an Eastern European organized crime group known as Black Team, according to InfoArmor. The underground forums where the tool is sold are invite-only, with the verification process of new members quite strict. "InfoArmor strongly recommends that extreme caution be taken when visiting torrent trackers or downloading pirated digital content, operating systems and business software," the security firm said.