A recent warning from Google's cybersecurity firm Mandiant highlights a new malware strain named Peaklight, specifically aimed at individuals who engage in pirated movie downloads. This malware presents serious risks, not only from potential legal issues but also from exposure to harmful software that can severely compromise Windows computers.
According to Mandiant's blog post (via Times of India), Peaklight operates stealthily within a computer's memory, making detection challenging as it leaves no trace on the hard drive. Researchers describe it as a memory-only dropper that executes a PowerShell-based downloader, referred to as PEAKLIGHT. This downloader is capable of fetching additional malicious software onto the compromised system, heightening the threat posed to users.
Mandiant explains that Peaklight employs a covert PowerShell script to introduce more malware onto infected devices. This approach allows cybercriminals to deliver various harmful programs, including Lumma Stealer, Hijack Loader, and CryptBot. These programs are available as services for rent, enabling attackers to steal sensitive data or seize control of affected systems.
Cybercriminals have developed tactics to distribute Peaklight through deceptive movie downloads. They conceal dangerous Windows shortcut files (LNKs) within ZIP folders masquerading as popular films. When a user opens these files, a series of harmful actions unfolds:
1. Connection to a Hidden Source: The LNK file establishes a link to a content delivery network (CDN), from which it retrieves harmful JavaScript code. This code executes directly in the computer's memory rather than being written to disk, so file-based scanning of the hard drive does not catch it.
2. Activation of the Downloader: The JavaScript triggers a PowerShell script named Peaklight, setting off a chain reaction that facilitates the
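The lure described above is a ZIP archive whose "movie" is really a Windows shortcut. As an added example (not code from Mandiant or the article), the following Python triage script inspects an archive for shell-link files, flagging entries by their `.lnk` extension, by the LNK file header (size 0x4C followed by the ShellLink CLSID), and by media-style names such as `.mp4.lnk`. The sample archive is constructed in memory and contains no real shortcut payload, only the header bytes.

```python
import io
import zipfile

# Every Windows shell link starts with HeaderSize 0x4C and the ShellLink
# CLSID 00021401-0000-0000-C000-000000000046 (fields stored little-endian).
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")

# Extensions a movie-download lure is likely to imitate.
MEDIA_EXTS = (".mp4", ".mkv", ".avi", ".mov", ".srt")


def is_lnk(data: bytes) -> bool:
    """True when the first 20 bytes match the shell-link header."""
    return data[: len(LNK_MAGIC)] == LNK_MAGIC


def scan_zip(blob: bytes) -> list:
    """Return [{'name': ..., 'reasons': [...]}] for suspicious archive entries."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))  # header only, no full extraction
            name = info.filename.lower()
            reasons = []
            if is_lnk(head):
                reasons.append("shell-link header")  # catches renamed .lnk files
            if name.endswith(".lnk"):
                reasons.append(".lnk extension")
                stem = name[:-4]
            else:
                stem = name
            if reasons and stem.endswith(MEDIA_EXTS):
                reasons.append("media-style name")  # e.g. Film.mp4.lnk
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed test archive: two fake shortcuts (header bytes only) and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Blockbuster.2024.1080p.mp4.lnk", LNK_MAGIC + b"\x00" * 60)
        zf.writestr("Blockbuster.2024.srt", LNK_MAGIC + b"\x00" * 60)  # renamed
        zf.writestr("README.txt", b"Enjoy the movie\n")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in scan_zip(build_sample_zip()):
        print(hit["name"], "->", ", ".join(hit["reasons"]))
```

Checking the header rather than the extension alone is what catches the second entry, which would otherwise look like a subtitle file.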
Read more on tech.hindustantimes.com