Chinese portal offers latest movies – then infects with trojans, keyloggers
According to the IT security vendor’s threat analyst Andrew Brandt, one of the latest ‘movie sites’ located in China gives users a lot more than the latest pirated movies.
It installs an Apache web server – as well as half a dozen keylogger and downloader payloads – disguised as components of legitimate apps.
“The lylwc.com domain itself is quite a piece of work. It claims to offer free downloads or streams of current Hollywood movies, as well as an extensive library of films and TV shows”, he said in his security blog.
“The operative word is ‘claims’ as when you try to view those movies, the site attempts to push a download of a trojan-ed installer for the QVOD media player”, he added.