Downloading a free movie? You may become a victim of ‘Peaklight’: What it is and how it works

A recent warning from Google’s cybersecurity firm Mandiant highlights a new malware strain named Peaklight, specifically aimed at individuals who engage in pirated movie downloads. This malware presents serious risks, not only from potential legal issues but also from exposure to harmful software that can severely compromise Windows computers.

What is Peaklight Malware?

According to Mandiant’s blog post (via Times of India), Peaklight operates stealthily within a computer’s memory, making detection challenging as it leaves no trace on the hard drive. Researchers describe it as a memory-only dropper that executes a PowerShell-based downloader, referred to as PEAKLIGHT. This downloader is capable of fetching additional malicious software onto the compromised system, heightening the threat posed to users.

Mandiant explains that Peaklight employs a covert PowerShell script to introduce more malware onto infected devices. This approach allows cybercriminals to deliver various harmful programs, including Lumma Stealer, Hijack Loader, and CryptBot. These programs are available as services for rent, enabling attackers to steal sensitive data or seize control of affected systems.

How Cybercriminals Deploy Peaklight

Cybercriminals have developed tactics to distribute Peaklight through deceptive movie downloads. They conceal dangerous Windows shortcut files (LNKs) within ZIP folders masquerading as popular films. When a user opens these files, a series of harmful actions unfolds:

1. Connection to a Hidden Source: The LNK file establishes a link to a content delivery network (CDN), where it retrieves harmful JavaScript code. This code executes directly in the computer’s memory, so it is not written to the hard drive where a file scan could detect it.

2. Activation of the Downloader: The JavaScript triggers a PowerShell script named Peaklight, setting off a chain reaction that facilitates the malware’s spread.

3. Downloading Additional Threats: Acting as a downloader, Peaklight fetches further malware from a remote server, including programs like Lumma Stealer, Hijack Loader, and CryptBot, which can compromise user data or grant attackers control over the system.
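
A defensive check for the delivery step described above, added here as an example and not taken from Mandiant's report: it lists Windows shortcut files inside a ZIP archive without extracting or running anything. It goes slightly beyond the article by also matching the standard shortcut file header, so a renamed shortcut is still caught; the function names and sample file names are assumptions, and the sample archive is constructed.

```python
import io
import zipfile

# First 20 bytes of every Shell Link (.lnk) file: HeaderSize 0x4C followed by
# the LinkCLSID 00021401-0000-0000-C000-000000000046 (MS-SHLLINK format).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")


def find_shortcuts(zip_source):
    """Return [(entry_name, reason)] for ZIP members that are Windows shortcuts.

    Members are read in memory only; nothing is extracted or executed.
    """
    findings = []
    with zipfile.ZipFile(zip_source) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            try:
                with archive.open(info) as member:
                    head = member.read(len(LNK_MAGIC))
            except RuntimeError:
                head = b""  # encrypted member: fall back to the name alone
            if head == LNK_MAGIC:
                findings.append((info.filename, "shell link header"))
            elif info.filename.lower().endswith(".lnk"):
                findings.append((info.filename, ".lnk extension"))
    return findings


def build_sample_zip():
    """Constructed sample: harmless header-only stubs plus a benign text file."""
    stub = LNK_MAGIC + b"\x00" * 56  # header bytes only, no target or arguments
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Example.Movie.2024.1080p.mp4.lnk", stub)
        archive.writestr("renamed_shortcut.dat", stub)
        archive.writestr("readme.txt", "constructed sample, not a real video")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in find_shortcuts(build_sample_zip()):
        print(f"{name}: {reason}")
```

A download that claims to be a film has no reason to contain a shortcut file, so any finding is grounds to discard the archive unopened.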

The report emphasises that Peaklight’s operation within the computer’s memory (RAM) enhances its stealth. Traditional antivirus solutions often focus on hard drive scans, making it difficult to detect this type of threat. 

Mandiant researchers Aaron Lee and Praveeth D’Souza state, “PEAKLIGHT is an obfuscated PowerShell-based downloader that forms part of a multi-stage execution chain that checks for the presence of ZIP archives in hard-coded file paths. If these archives are absent, the downloader contacts a CDN site to download the remotely hosted archive file and saves it to the disk.” 

Users are advised to exercise caution when downloading content from unauthorised sources to avoid falling victim to malware like Peaklight.
