
Illegal movie downloads could be hiding dangerous new malware

Illegal movie sites are not the best places to visit on the internet. The fact that they are illegal should tell you that. While the legal consequences of pirating content are a big concern, you also risk getting malware, and not just any malware. Security researchers have identified malware known as Peaklight that targets people who download movies illegally. It is classified as next-stage malware.

Its ultimate goal is to infect Windows systems with information stealers and loaders. Below, you'll find more details about Peaklight, along with tips to stay protected.

What is Peaklight?

Peaklight is a new type of malware that works only in your computer’s memory and doesn’t leave a trace on your hard drive. It’s designed to secretly download other harmful software, according to Mandiant, a cybersecurity company owned by Google.

"This memory-only dropper decrypts and executes a PowerShell-based downloader," Mandiant said. "This PowerShell-based downloader is being tracked as PEAKLIGHT."

Mandiant explains that Peaklight uses a hidden PowerShell script to download more malware. Some of the dangerous programs spread this way include Lumma Stealer, Hijack Loader and CryptBot, which are sold as services that hackers can rent to steal information or control computers.

How does it infect your computer?

The attack starts when someone downloads a Windows shortcut file (LNK), often while searching for pirated movies. These files are hidden inside ZIP folders that pretend to be movie downloads.

When the LNK file is opened, it connects to a content delivery network (CDN) that hides harmful JavaScript code, which runs only in your computer's memory. This code then runs a PowerShell script called PEAKLIGHT, which connects to a remote server to download more harmful software.

Peaklight is designed to run entirely in your computer's memory, which makes it much harder for antivirus software to detect. Since it doesn’t leave traces on storage, the antivirus would need to scan the memory (RAM) to catch it.

"PEAKLIGHT is an obfuscated PowerShell-based downloader that is part of a multi-stage execution chain that checks for the presence of ZIP archives in hard-coded file paths," Mandiant researchers Aaron Lee and Praveeth D'Souza said.

"If the archives do not exist, the downloader will reach out to a CDN site and download the remotely hosted archive file and save it to disk."

6 ways to protect yourself from malware

1) Avoid downloading pirated content: Stick to legal platforms for movies, music and software. Pirated sites are high risk because they often disguise malware as legitimate content. Even searching for a movie on search engines can lead you to dangerous sites that trigger drive-by downloads.

2) Keep your operating system and software updated: Regularly update your Windows OS, antivirus software, browsers and other applications. Security patches are released to fix vulnerabilities that malware like Peaklight can exploit. Enabling automatic updates is the best way to stay ahead of these threats.

3) Use strong antivirus software: A strong antivirus program is your first line of defense. Choose one that includes real-time scanning, memory scanning and behavioral analysis. Many modern antiviruses scan not only files but also your computer’s memory (RAM), which is where Peaklight hides.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

4) Be cautious of suspicious links and files: Don’t click on unknown links, especially if they offer free movies, games or other attractive content. Similarly, avoid downloading files from untrusted websites, even if they seem to be harmless ZIP folders.

5) Use strong passwords and two-factor authentication: Secure your online accounts by using strong, unique passwords for each account and enabling two-factor authentication. This ensures that even if malware such as an information stealer grabs your login data, attackers can't access your accounts without the extra verification step. You can also use a password manager to generate and store your passwords securely.

6) Be wary of compressed files (ZIP, RAR): Compressed files are a common method for hiding malware. Even if they appear to be pirated movies, they could contain LNK files or other malicious scripts. Always scan these files with your antivirus before opening them.
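The archive check from tip 6, applied to the delivery method described earlier (a ZIP named like a movie that carries an LNK file), is shown below as an added example; it is not code from the original article or from Mandiant. The function names `triage_zip` and `build_sample`, the extension lists and the sample archive are constructed for illustration; the 20-byte shortcut header comes from Microsoft's published shell link format.

```python
import io
import zipfile

# First 20 bytes of any Windows shortcut (MS-SHLLINK): HeaderSize 0x4C + LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# Illustrative lists chosen for this example, not exhaustive.
RISKY_EXT = {".lnk", ".js", ".jse", ".vbs", ".hta", ".ps1", ".bat", ".cmd", ".scr", ".exe"}
MEDIA_EXT = {".mp4", ".mkv", ".avi", ".mov", ".wmv"}


def triage_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) for each suspicious member of a ZIP archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if info.flag_bits & 0x1:  # encrypted entry: content cannot be checked
                findings.append((name, "password-protected, cannot inspect"))
                continue
            parts = name.rsplit("/", 1)[-1].lower().split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            inner = "." + parts[-2] if len(parts) > 2 else ""
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            if head == LNK_MAGIC and ext != ".lnk":
                findings.append((name, "shortcut content under a non-.lnk name"))
            elif ext in RISKY_EXT and inner in MEDIA_EXT:
                findings.append((name, f"media name hiding {ext} (double extension)"))
            elif ext in RISKY_EXT:
                findings.append((name, f"runs code when opened ({ext})"))
    return findings


def build_sample() -> bytes:
    """Constructed archive with inert bytes only, named like a movie download."""
    fake_lnk = LNK_MAGIC + b"\x00" * 56  # valid header magic, no target or arguments
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Movie.2024.1080p/readme.txt", "sample")
        zf.writestr("Movie.2024.1080p/Movie.2024.1080p.mp4.lnk", fake_lnk)
        zf.writestr("Movie.2024.1080p/subtitles.srt", fake_lnk)
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in triage_zip(build_sample()):
        print(f"{entry}: {reason}")
```

Windows Explorer hides the `.lnk` extension, so the second sample entry would appear to a user as a file ending in `.mp4`, which is why the check reads the archive listing and file header rather than relying on the displayed name.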

Kurt’s key takeaway

The idea of pirating content can be tempting. With so many streaming services and subscriptions out there, it’s impossible to have them all, which makes piracy seem like an option worth considering. But it’s better to pay up or watch something else. You don’t want your computer to be infected by malware and risk losing your money and personal data.

Have you ever been tempted to use illegal streaming or download sites? What stopped you (or didn’t)? Let us know by writing us at Cyberguy.com/Contact.

Copyright 2024 CyberGuy.com. All rights reserved.

Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Source: foxnews.com
