Fake Leonardo DiCaprio film torrent used to spread Agent Tesla malware

Security researchers at Bitdefender have identified a malware campaign that uses a fake torrent advertising a new Leonardo DiCaprio film to distribute the Agent Tesla malware. The torrent claims to contain a movie titled One Battle After Another, but instead delivers a multi-stage infection chain designed to compromise Windows systems. The campaign targets users searching for pirated content and relies on technical complexity rather than obviously malicious files to avoid detection. Bitdefender analysts said the approach shows deliberate effort to evade traditional security controls.

 

 

The attack begins when a user downloads the torrent and opens what appears to be a shortcut to the film. Instead of launching video content, the shortcut activates a hidden command sequence. According to Bitdefender, this sequence is embedded within files that resemble subtitles or other harmless media components. Once triggered, the commands initiate a chain of scripts executed through built-in Windows tools such as the command prompt and PowerShell. Each stage prepares the environment for the next without producing visible warning signs for the user.

Bitdefender researchers reported that the scripts extract additional data concealed inside image files and compressed archives included in the torrent. These files are designed to look legitimate and are unlikely to raise suspicion during casual inspection. The extracted components are decrypted and executed directly in system memory rather than being saved as traditional executable files. This fileless technique reduces the chance of detection by security products that focus on scanning stored files.

To ensure persistence, the malware creates a scheduled task with a name that appears routine. This allows the malicious process to continue running after a system restart. The final payload deployed through this method is Agent Tesla, a remote access trojan that has been active for many years. Bitdefender said Agent Tesla is capable of stealing credentials from browsers, email clients and other applications, as well as collecting information related to financial activity. The malware also enables remote access, allowing attackers to monitor or control infected systems.

The campaign demonstrates how high-profile entertainment releases are used as effective lures. Bitdefender noted that thousands of users downloaded the torrent before it was identified as malicious. Newly released films generate strong interest, creating opportunities for attackers to distribute malware quickly through peer-to-peer networks. The lure depends on urgency and curiosity, with attackers assuming users will be less cautious when attempting to access popular content for free.

Bitdefender analysts said the layered design of the infection chain reflects a higher level of sophistication than many common malware campaigns. The combination of shortcut files, scripts, encrypted data and memory-based execution allows the attack to blend into normal system behaviour. The use of legitimate operating system utilities further complicates detection and analysis.

Bitdefender advised users to avoid downloading pirated movies or software from unverified sources. Files that contain shortcuts, scripts or unexpected archive structures should be treated as potential threats. Keeping security software up to date and exercising caution when opening downloaded content can reduce the risk of infection. The findings highlight how established malware families continue to evolve by exploiting demand for popular media and weaknesses in user behaviour rather than relying on new technical exploits.

Incoming search terms:

• outjtq