Tuesday, May 6, 2025
HomeCyber Security NewsMalicious Snow White Movie Download Targets Viewers with New Malware

Malicious Snow White Movie Download Targets Viewers with New Malware

Published on

SIEM as a Service

Follow Us on Google News

As the latest adaptation of Snow White hits theaters with lukewarm reception, the absence of streaming options on platforms like Disney+ has led many viewers to seek pirated versions online.

This trend is not new; every major movie release without a digital option becomes a prime opportunity for attackers to exploit users eager to watch from home.

A recent campaign identified by Veriti’s research team highlights this risk, involving a sophisticated malware distributed via torrent sites.

- Advertisement - Google News

Veriti researchers found that a blog post on the website “TeamEsteem” offered a download link for a pirated Snow White (2025) version.

However, this post was malicious, redirecting users to a torrent containing an infected file package. The attackers likely exploited an XSS vulnerability or used leaked admin credentials to access the site.

Screenshot of compromised TeamEsteem blog post offering the fake Snow White torrent
Screenshot of compromised TeamEsteem blog post offering the fake Snow White torrent 

This blog entry redirected users to download a torrent containing a three-file package, which included a malicious executable posing as a necessary codec installer.

Analysis of the Malware

Upon examining the torrent, Veriti analysts discovered a suspicious file named xmph_codec.exe, claiming to be a required video codec.

File breakdown inside the torrent package
File breakdown inside the torrent package 
Screenshot of the Video Codec installation
Screenshot of the Video Codec installation 

The file triggered a sophisticated malware deployment process when run. Key findings include:

  • Detection: Identified as malicious by 50 out of 73 security vendors on VirusTotal.
  • Compilation: Compiled on July 12, 2024, suggesting reuse from prior campaigns.
  • Unsigned Executable: Raises red flags about its origin.
  • Malicious Actions: Drops additional malicious files, silently installs the TOR browser, initiates communication with a Dark Web .onion domain, and disables Windows Defender and other security features.

The malware communicates with a C2 server on the Onion network:

  • http://cgky6bn6ux5wvlybtmm3z255igt52ljml2ngnc5qp3cnw5jlglamisad.onion
  • http://cgky6bn6ux5wvlybtmm3z255igt52ljml2ngnc5qp3cnw5jlglamisad.onion/route.php

This campaign leverages the anonymous nature of the TOR network to mask communications and evade detection.

The absence of digital streaming options for major movies like Snow White continues to drive users to illegal downloads, creating an ideal environment for attackers.

Users are advised to be cautious when seeking digital content online and to use reputable streaming services to avoid falling prey to such sophisticated malware campaigns.

This not only protects their devices but also supports legal content creators. As cybersecurity continues to evolve, staying informed about these tactics is crucial for maintaining digital safety.

Indicators of Compromise (IoCs) 

  • File hashes: 
  • 9c1a0608bae991af50096acaec9d979df9f9a3bb6e89d9d20972d6cfeb9582bb 
  • 2ec555c34f0af1514501ca5e4d999c843d5b9de7973467820fcf6034a517c4cc 
  • 8b81b0017c0e154c1fdea226f1ad0d3cfc0e301af05698bdbb7d0d6037d71a12 

Are you from SOC/DFIR Teams? – Analyse Malware, Phishing Incidents & get live Access with ANY.RUN -> Start Now for Free. 

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...