Monday, November 25, 2024

This New Stealthy Malware Targets Illegal Movie Downloads: Here’s What to Know


When you illegally download media, there’s always the risk that you end up downloading more than you bargained for. Malware developers love attaching their payloads to fake media files to trick others into downloading them.



Now, a new attack called Peaklight is making the rounds, and it’s targeting illegal movie downloaders.


What Is Peaklight?

An example of Peaklight's code
Image Credit: Google Cloud


Peaklight is a malicious app—but it can’t do any damage by itself. Instead, it acts as a downloader that installs the damage-dealing processes onto your PC. If you imagine Peaklight as a gun and the bullets that it fires as malware, you’ll have a good idea of what it does.

Google reported an enormous increase in Peaklight attacks on people’s systems. And unfortunately for pirates, it specifically targets people looking to illegally download a movie.

How the Peaklight Attack Works

The Peaklight process
Image Credit: Google Cloud


The Peaklight downloader gets onto people’s systems using a sneaky trick. A malicious agent uploads an LNK file with a custom icon that disguises it as a movie file. LNK files by themselves aren’t malicious, but malware distributors can program them to do malicious things. In this instance, the LNK file is programmed to open PowerShell and use it to download Peaklight.

Once the malicious agent has set the trap up, it’s time for them to wait for someone to spring it.

The Victim Downloads a Fake Pirated Movie

The attack begins when someone searches online for an illegal movie to download. They visit a website that performs a drive-by download, dropping the Peaklight attack onto their system as a ZIP file.

Within the ZIP is the LNK file disguised as a movie file. The victim may believe they downloaded the movie they were looking for and double-click the file to open the “movie.” This triggers the script within the LNK file.

The Victim Activates the Downloaded LNK File

Now that the LNK file is active, it opens PowerShell and gives it a command to download Peaklight. The download is obfuscated, meaning it uses special tactics to confuse antivirus apps so they cannot tell what it’s up to.


To cover its tracks even further, Peaklight runs entirely in the computer’s memory instead of running off of the target’s storage. This is a particularly effective trick that malware uses to make itself harder to find, as the system’s antivirus has to be actively scanning the RAM to spot Peaklight’s presence.

Peaklight Downloads Its Payloads Onto the Target PC

Once Peaklight is running on the target PC, it does a quick check to see if the computer already has the payloads installed on it. If it doesn’t, it begins downloading and running malicious services. Google spotted it downloading LUMMAC.V2, SHADOWADDER, and CRYPTBOT, all of which have a focus on stealing information like cryptocurrency wallets.

How to Avoid Getting Infected With Peaklight

Unfortunately, as much as some people like free stuff, pirating movies and software online is risky. Not to mention illegal. There are malicious agents all over the internet that aim to exploit people looking for popular movies online and trick them into downloading malicious payloads. As such, if you stay away from piracy, you should stay safe from Peaklight. And no, streaming movies isn’t much better.


Even if you don’t illegally download files, it’s still a good lesson in how to handle drive-by downloads. If you visit a website and you notice that it automatically downloaded something onto your computer without your permission, treat it with extreme caution.

Sometimes, an automatic download is perfectly safe. For example, if you find a PDF file in a Google search and click the link, your browser may download the file to your drive automatically. However, if the downloaded file contains something you can execute or run, you’re better off deleting it.
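One way to apply that advice to a downloaded ZIP, as an added example that is not from the original article or from Google's report: the Python script below flags archive members that are Windows shortcuts, either by extension or by the standard Shell Link header (so a renamed shortcut is caught too, which goes slightly beyond the case described above), and notes whether the shortcut mentions PowerShell. The function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Shell Link header: HeaderSize 0x0000004C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 (from the MS-SHLLINK format).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# Interpreter names a shortcut inside a "movie" download should never mention.
SUSPECT = ("powershell", "pwsh")


def scan_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member that is really a Windows shortcut."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                body = fh.read(1 << 20)  # cap the read; real LNK files are small
            by_name = info.filename.lower().endswith(".lnk")
            by_magic = body.startswith(LNK_MAGIC)
            if not (by_name or by_magic):
                continue
            # LNK strings can be ANSI or UTF-16LE; dropping NUL bytes exposes
            # ASCII-range UTF-16LE text regardless of its byte alignment.
            text = (body + body.replace(b"\x00", b"")).decode("latin-1").lower()
            findings.append({
                "member": info.filename,
                "is_lnk_header": by_magic,
                "launches": [s for s in SUSPECT if s in text],
            })
    return findings


def build_sample(lnk_name: str = "Some.Movie.2024.mp4.lnk") -> bytes:
    """Constructed test archive: a fake shortcut plus a harmless text file."""
    fake_lnk = LNK_MAGIC + b"\x00" * 56 + "powershell.exe".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(lnk_name, fake_lnk)
        zf.writestr("readme.txt", "nothing to see")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample()):
        print(finding)
```

Any finding from a ZIP that was supposed to contain a video is reason enough to delete the archive without opening it.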

The Peaklight malware is particularly nasty, as it preys on people looking for an easy way to score a free movie. If you’re worried about getting malware on your system, always consume media through legal means and ensure anyone else who uses your PC does the same.
