Admin
2 min read
14 Dec

Torrents are an efficient way of distributing files over the internet. A torrent is a file-sharing method built on the BitTorrent protocol, a decentralised system in which users exchange pieces of a file directly with each other instead of downloading it from a single central server. This is efficient for large files because it takes the load off the original distributor, and download speeds improve as more people share the file. The same design is what makes it risky: the torrent only lists the files and where to find peers, so you receive whatever the people seeding it chose to put in the package. Recently a torrent spreading malware through fake movie downloads has been circulating, so let's look at how a torrent works, how this malware spreads and what to do if you are already affected.

Ahead of the festive season, criminals are once again using torrents to distribute malware. The latest campaign hides fileless malware inside fake movie torrents such as a pirated copy of Leonardo DiCaprio's film 'One Battle After Another'.

Just like any other festival, holiday week or seasonal shopping spree, the Christmas 2025 holiday season is attracting criminals who package malware as fake copies of popular films circulating on torrent sites, another reminder of the risks that come with downloading unauthorised content.

The attack was uncovered by researchers at Bitdefender after a sudden spike in malware detections tied to a torrent masquerading as the new movie. Instead of delivering a video file, the torrent package unfolds into a multi-layered fileless attack that ultimately infects victims with Agent Tesla, a long-running .NET-based information stealer and remote access trojan used for persistent surveillance and credential theft.

How the fake Leonardo DiCaprio movie torrent injects malware

The infection begins when a user downloads a malicious torrent posing as a pirated copy of One Battle After Another. Inside the package is a file named CD.lnk, a Windows shortcut presented as the way to open the movie. The shortcut does not point at a video at all: opening it starts a chain of scripts run through legitimate Windows tools such as cmd.exe, powershell.exe and Task Scheduler, so the first stage never looks like a conventional executable. Windows Explorer never shows the .lnk extension for shortcuts, which is exactly what the disguise relies on.

Once it runs, the shortcut reads specific lines from a seemingly benign subtitle file, Part2.subtitles.srt, that contain hidden batch code. That code runs PowerShell commands to extract and decrypt further payloads scattered across the other disguised files in the download: One Battle After Another.m2ts (a fake video file that is actually an archive), Photo.jpg (which contains encoded binary data) and Cover.jpg (a password-protected archive holding further scripts). None of these files is what its extension claims; the names are chosen so that a user, or a scanner that trusts extensions, sees a movie, a subtitle and two pictures. The components are designed to unpack in memory, create persistence through scheduled tasks and avoid detection by never writing the core malware binary to disk.
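A practical way to check a download like this before opening anything, as an added example that is not the real sample and not Bitdefender's or Perusee's code: the PowerShell script below looks for the three tricks just described, a shortcut whose real target is a shell, a 'subtitle' file with lines that are not subtitle text, and 'video' or 'image' files whose first bytes are an archive signature. The sample folder it builds under $env:TEMP, the file contents it writes there and the token list are constructed for the demonstration and are not taken from the real package.

```powershell
# Added example (not the real sample, not Bitdefender's tooling). It only reads files and
# resolves shortcut metadata; nothing from the examined folder is executed.

# Strings that have no business in a subtitle line or a shortcut to a movie (assumed list).
$ShellTokens = @('cmd', 'powershell', 'pwsh', '-enc', 'iex', 'invoke-expression',
                 'frombase64string', 'schtasks', 'wscript', 'mshta', 'certutil', '%~dp0')

# Archive signatures that never begin a genuine video or image file.
$ArchiveMagic = @{
    'ZIP' = [byte[]](0x50, 0x4B, 0x03, 0x04)
    'RAR' = [byte[]](0x52, 0x61, 0x72, 0x21)
    '7Z'  = [byte[]](0x37, 0x7A, 0xBC, 0xAF, 0x27, 0x1C)
}

function Get-ArchiveTypeFromHeader {
    param([string]$Path)
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $buf = New-Object byte[] 8
        $n = $fs.Read($buf, 0, $buf.Length)
    } finally { $fs.Dispose() }
    foreach ($entry in $ArchiveMagic.GetEnumerator()) {
        $sig = $entry.Value
        if ($n -lt $sig.Length) { continue }
        $prefix = [byte[]]($buf[0..($sig.Length - 1)])
        if ([BitConverter]::ToString($prefix) -eq [BitConverter]::ToString($sig)) { return $entry.Key }
    }
    return $null
}

function Test-SuspiciousTorrentFolder {
    param([Parameter(Mandatory)][string]$Folder)
    $findings = @()
    $wsh = New-Object -ComObject WScript.Shell
    foreach ($f in Get-ChildItem -LiteralPath $Folder -File) {
        $ext = $f.Extension.ToLowerInvariant()

        # 1. Shortcuts: resolve the real target and arguments instead of trusting the icon.
        if ($ext -eq '.lnk') {
            $sc  = $wsh.CreateShortcut($f.FullName)   # on an existing .lnk this loads it
            $cmd = "$($sc.TargetPath) $($sc.Arguments)"
            if ($ShellTokens | Where-Object { $cmd -match [regex]::Escape($_) }) {
                $findings += "SHORTCUT_TO_SHELL: $($f.Name) -> $cmd"
            }
        }

        # 2. Subtitles: every line should be a cue number, a timestamp, blank, or caption text.
        if ($ext -eq '.srt') {
            $lineNo = 0
            foreach ($line in Get-Content -LiteralPath $f.FullName) {
                $lineNo++
                if ($line -match '^\s*$' -or $line -match '^\d+$' -or
                    $line -match '^\d{2}:\d{2}:\d{2},\d{3} --> ') { continue }
                if ($ShellTokens | Where-Object { $line -match [regex]::Escape($_) }) {
                    $findings += "CODE_IN_SUBTITLE: $($f.Name) line $lineNo -> $line"
                }
            }
        }

        # 3. Media files: the extension says video or image, the header says archive.
        if ($ext -in '.m2ts', '.mkv', '.mp4', '.jpg', '.png') {
            $kind = Get-ArchiveTypeFromHeader -Path $f.FullName
            if ($kind) { $findings += "ARCHIVE_AS_MEDIA: $($f.Name) starts with a $kind signature" }
        }
    }
    return $findings
}

# --- Constructed sample folder so the script can be tried offline. -------------------
$dir = Join-Path $env:TEMP 'torrent-triage-demo'
New-Item -ItemType Directory -Force -Path $dir | Out-Null

@'
1
00:00:01,000 --> 00:00:03,000
Constructed caption line.

2
00:00:04,000 --> 00:00:06,000
powershell -w hidden -NoProfile -c "constructed placeholder, not the real stage"
'@ | Set-Content -LiteralPath (Join-Path $dir 'Part2.subtitles.srt')

$sc = (New-Object -ComObject WScript.Shell).CreateShortcut((Join-Path $dir 'CD.lnk'))
$sc.TargetPath = "$env:SystemRoot\System32\cmd.exe"
$sc.Arguments  = '/c echo constructed placeholder'
$sc.Save()

$bytes = New-Object byte[] 64                                  # zero padding
[Array]::Copy([byte[]](0x50, 0x4B, 0x03, 0x04), $bytes, 4)     # ZIP header, constructed
[System.IO.File]::WriteAllBytes((Join-Path $dir 'One Battle After Another.m2ts'), $bytes)

Test-SuspiciousTorrentFolder -Folder $dir
```

Run against the constructed folder it reports three findings, one per trick. Point it at a real download folder instead of $dir to use it for triage; the header check is deliberately narrow (it only knows three archive signatures), so a clean result is not proof of safety, only the absence of the obvious lies.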

While attribution remains unclear, the attack appears to be opportunistic, targeting novice users who are unaware of the risks of torrenting and unlikely to scrutinise file contents. The final payload is Agent Tesla, a widely abused RAT known for keylogging, clipboard monitoring, screen capture and credential harvesting. Persistence is achieved through a scheduled task named RealtekDiagnostics, a name chosen to pass as a Realtek audio helper, so the infection survives a reboot. The task launches a chain of scripts that ends in the compilation and execution of a Go-based loader for Agent Tesla.

What to do?

Security experts emphasise that downloading pirated media poses serious risks, particularly during the holiday season when high-profile films attract millions of viewers. Users should avoid pirated content altogether, scan anything already downloaded with an up-to-date antivirus, and check Task Scheduler for rogue entries such as 'RealtekDiagnostics'. Treat the task name as a hint rather than proof: the attackers can rename it, so look at what each task actually runs. If you find the task, or have opened CD.lnk from this package, assume the credentials saved in your browsers and mail clients have been stolen: change them from a clean device and enable two-factor authentication where you can, then clean the machine.
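The scheduled-task check from the persistence paragraph and the advice above, as an added example that is not Bitdefender's or Perusee's code: the script lists every scheduled task, flags the ones that match the reported name or that run a script host from a user-writable folder or with hidden or encoded PowerShell switches, and removes only the named task after exporting its definition as evidence. The task name comes from the Bitdefender report; the indicator lists, the evidence folder under $env:TEMP and the function names are assumptions made for this example.

```powershell
# Added example, not from Bitdefender or Perusee. Lists scheduled tasks and flags the ones
# worth a second look. Assumed indicators: the task name from the report, plus any action
# that starts a script host, runs from a user-writable folder, or passes hidden/encoded
# PowerShell switches. Run from an elevated prompt; a non-admin session only sees the
# tasks it has permission to read, which may not include the one you are looking for.

$SuspectNames = @('RealtekDiagnostics')                          # name from the Bitdefender report
$ScriptHosts  = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')
$UserWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData, "$env:USERPROFILE\Downloads")

function Find-SuspiciousScheduledTask {
    $hits = foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $exe    = [string]$action.Execute                     # empty for COM-handler actions
            $argStr = [string]$action.Arguments
            $reasons = @()
            if ($SuspectNames -contains $task.TaskName) { $reasons += 'known task name' }
            if ($ScriptHosts | Where-Object { $exe -like "*$_" }) { $reasons += 'action is a script host' }
            if ($UserWritable | Where-Object { $_ -and ("$exe $argStr" -like "*$_*") }) { $reasons += 'runs from user-writable path' }
            if ($argStr -match '(^|\s)-(e|enc|encodedcommand)\b|-w(indowstyle)?\s+hidden|bypass|iex|frombase64') {
                $reasons += 'hidden or encoded PowerShell switches'
            }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    TaskPath  = $task.TaskPath
                    TaskName  = $task.TaskName
                    Author    = $task.Author
                    Execute   = $exe
                    Arguments = $argStr
                    Reasons   = ($reasons -join '; ')
                }
            }
        }
    }
    return $hits
}

# Keep the evidence before destroying it: the exported XML records the trigger, action
# and the account the task runs as, which you will want for the incident write-up.
function Remove-TaskWithEvidence {
    param([Parameter(Mandatory)]$Task,
          [string]$EvidenceDir = (Join-Path $env:TEMP 'task-evidence'))
    New-Item -ItemType Directory -Force -Path $EvidenceDir | Out-Null
    $xmlPath = Join-Path $EvidenceDir ("{0}.xml" -f $Task.TaskName)
    Export-ScheduledTask -TaskName $Task.TaskName -TaskPath $Task.TaskPath | Set-Content -LiteralPath $xmlPath
    Unregister-ScheduledTask -TaskName $Task.TaskName -TaskPath $Task.TaskPath -Confirm:$false
    return $xmlPath
}

$suspects = Find-SuspiciousScheduledTask
$suspects | Format-Table TaskPath, TaskName, Execute, Reasons -AutoSize

# Remove only the task the report names; review the rest by hand, because a script host
# in a scheduled task is also how plenty of legitimate admin jobs run.
foreach ($s in ($suspects | Where-Object { $SuspectNames -contains $_.TaskName })) {
    $saved = Remove-TaskWithEvidence -Task $s
    Write-Output "Removed $($s.TaskPath)$($s.TaskName); definition saved to $saved"
}
```

Removing the task stops the loader from being re-launched at the next trigger, but it does not remove anything already running or any credentials already sent out, which is why the password changes in the advice above come first and a full antivirus scan follows.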

This campaign is part of a wider trend in which threat actors use entertainment lures to victimise internet users.
