Disney’s newest Snow White film, with a 1.6/10 IMDb rating, isn’t just the biggest flop the company has ever released. It’s such an embarrassment that the film isn’t even available on Disney’s own streaming platform, Disney+.
According to cybersecurity researchers at Veriti, scammers are exploiting the situation by offering pirated versions of Snow White, specifically targeting torrent users and tricking them into downloading malware.
The Lure of a Pirated Download
On March 20th, what initially appeared to be a legitimate blog post on the website “TeamEsteem” (teamesteemmethod.com) offered a pirated version of the 2025 Snow White film. The post provided a magnet torrent link that looked safe but was actually a trap. Researchers identified the torrent file as a malicious campaign designed to compromise users’ devices.
According to the company’s blog post shared with Hackread.com, the torrent link led to a package of three files. While it might have looked like a standard movie download, it was anything but. Veriti found that 45 people were already sharing or “seeding” the file, which could include both unsuspecting victims and attackers working to spread the trap faster.
A Fake Codec That “Spells” Trouble
When users downloaded the torrent, they didn’t get a movie. Instead, they received a bundle of files, including a README document and a suspicious file named “xmph_codec.exe.” The README claimed the codec file was necessary to play the movie, a common trick used in the early days of online piracy to fool users into installing malicious software.
However, in this case, running the “codec” file triggered a chain of malicious actions on the user’s machine, including the following:
- Disables Security: It shuts down Windows Defender and other built-in protections, leaving the machine wide open to further attacks.
- Installs Malware: The file was flagged as malicious by 50 out of 73 security tools on VirusTotal, a popular platform for analyzing suspicious files.
- Drops Additional Threats: It quietly adds more harmful files to the system, setting the stage for further damage.
- Installs TOR Browser: It downloads and installs the TOR browser, a tool often used to access the Dark Web, without the user’s knowledge.
- Connects to the Dark Web: The malware communicates with a hidden server on the Dark Web (using a .onion address), making it hard for security tools to track or block it.
In short, what looked like a free movie exposes users to data theft or possibly ransomware.
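The traits listed above (an executable posing as a codec, a README telling the user to run it, no real video payload, and a hard-coded .onion address) are all things a defender can check for before anything is executed. The following script is an added example, not code from Veriti or from the article: it walks a downloaded torrent folder, records those indicators, hashes any executables so the digests can be checked against a scanner such as VirusTotal, and returns a verdict. The sample bundle it builds (README text, placeholder “xmph_codec.exe” bytes, the .onion string, the tiny video stub) is constructed for the demo and is not the real malware.

```python
"""Triage a torrent download folder for the fake-codec lure pattern.

Added example, not from the Veriti report. File names and contents in the
sample builders below are constructed for the demo.
"""
import hashlib
import os
import re
import tempfile

VIDEO_EXT = {".mkv", ".mp4", ".avi", ".mov", ".m4v", ".wmv"}
EXEC_EXT = {".exe", ".scr", ".msi", ".bat", ".cmd", ".ps1", ".vbs", ".js"}
# Tor hidden-service names: 16 chars (v2) or 56 chars (v3) from the base32 alphabet.
ONION_RE = re.compile(rb"\b(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion\b")
# README text that pushes the victim to run an executable "codec".
LURE_RE = re.compile(r"codec", re.I)
EXE_MENTION_RE = re.compile(r"\b[\w.-]+\.(?:exe|msi|bat|cmd)\b", re.I)
MIN_VIDEO_BYTES = 50 * 1024 * 1024  # a feature film is far larger than this


def sha256_of(path: str) -> str:
    """Hash a file so its digest can be looked up on a scanner such as VirusTotal."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def triage_bundle(dir_path: str, min_video_bytes: int = MIN_VIDEO_BYTES) -> dict:
    """Walk a download folder and collect indicators of the fake-codec lure."""
    findings = []          # (kind, file name, detail)
    has_real_video = False
    has_executable = False
    for root, _dirs, files in os.walk(dir_path):
        for name in files:
            path = os.path.join(root, name)
            ext = os.path.splitext(name)[1].lower()
            if ext in VIDEO_EXT:
                if os.path.getsize(path) >= min_video_bytes:
                    has_real_video = True
                else:
                    findings.append(("stub_video", name, "video file too small to be a film"))
            elif ext in EXEC_EXT:
                has_executable = True
                findings.append(("executable", name, sha256_of(path)))
                with open(path, "rb") as fh:
                    data = fh.read()
                for addr in ONION_RE.findall(data):
                    findings.append(("onion_address", name, addr.decode()))
            elif name.lower().startswith("readme"):
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    text = fh.read()
                exe_ref = EXE_MENTION_RE.search(text)
                if LURE_RE.search(text) and exe_ref:
                    findings.append(("readme_lure", name, exe_ref.group(0)))
    # An executable inside a "movie" bundle is suspect on its own; a README
    # pushing the user to run it, or no real video at all, makes it a lure.
    if has_executable and (not has_real_video or any(f[0] == "readme_lure" for f in findings)):
        verdict = "suspicious"
    elif has_executable:
        verdict = "review"
    else:
        verdict = "clean"
    return {"verdict": verdict, "findings": findings}


def build_lure_bundle() -> str:
    """Constructed sample mirroring the reported bundle: README + fake codec + video stub."""
    d = tempfile.mkdtemp(prefix="snowwhite_lure_")
    with open(os.path.join(d, "README.txt"), "w", encoding="utf-8") as fh:
        fh.write("Snow White 2025 HDRip\nThe video needs a codec. Run xmph_codec.exe first.\n")
    # Not a real PE file: placeholder bytes carrying a constructed v3 .onion string.
    fake_onion = b"a" * 56 + b".onion"
    with open(os.path.join(d, "xmph_codec.exe"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 64 + b"http://" + fake_onion + b"/c2" + b"\x00" * 16)
    with open(os.path.join(d, "Snow.White.2025.mkv"), "wb") as fh:
        fh.write(b"\x1a\x45\xdf\xa3" + b"\x00" * 1024)  # EBML magic, 1 KiB stub
    return d


def build_clean_bundle(video_bytes: int = 2 * 1024 * 1024) -> str:
    """Constructed control case: a single video file and nothing else."""
    d = tempfile.mkdtemp(prefix="clean_")
    with open(os.path.join(d, "home_video.mp4"), "wb") as fh:
        fh.write(b"\x00" * video_bytes)
    return d


if __name__ == "__main__":
    import json
    print(json.dumps(triage_bundle(build_lure_bundle()), indent=2))
    print(triage_bundle(build_clean_bundle(), min_video_bytes=1024 * 1024)["verdict"])
```

Run it against a real download folder with `triage_bundle("/path/to/download")`; the size threshold is a parameter because the 50 MiB default is a rough heuristic, not a fact from the report. A “suspicious” verdict is a reason to delete the bundle and submit the executable’s hash to a scanner, never to run the file.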
What’s The Connection to TeamEsteem?
TeamEsteemMethod.com is the official website of Team Esteem, LLC, a US-based organization founded by Jamie Levine, dedicated to helping parents, schools, and educators in addressing various childhood challenges.
Veriti’s team believes the attackers behind this campaign managed to get their malicious blog post onto the TeamEsteem website in one of two ways: either by exploiting a vulnerability in the outdated version of the Yoast SEO plugin or by using stolen admin credentials to access the website.
The vulnerability in question is CVE-2023-40680, found in the outdated version of the Yoast SEO plugin, a popular SEO tool used by over 10 million WordPress websites. Alternatively, the attackers may have logged into the site using stolen admin credentials to post the fake blog entry themselves.
Either way, the attackers used the site as a medium to trick users into downloading their malware, banking on the hype around Snow White to draw in victims.
Not The First Time
This isn’t the first time cybercriminals have used pirated movies as bait, and it won’t be the last. High-profile releases like Snow White are prime targets because they attract huge interest, especially when legal options are limited. With no streaming release on platforms like Disney+, many fans turn to torrent sites, hoping to save money or time. But as this campaign shows, there’s no such thing as a “free lunch.”
In the past, attackers have exploited the popularity of movies like John Wick 3, Contagion, Black Widow, Joker, Ford v Ferrari, Pirates of the Caribbean, and many others to distribute malware and ransomware.
The good news? You can still avoid falling into traps by avoiding piracy, being cautious with malicious torrents, keeping your anti-malware updated to detect the latest threats, and using common sense.