Agent Tesla malware delivered through fake One Battle After Another torrent

Malware Activity
Happening score: H score 21
1 unique source, 1 article

Summary

A fake torrent for One Battle After Another delivers Agent Tesla through PowerShell loaders hidden in subtitle files, putting Windows users who download the movie at risk of credential theft. The infection chain uses a `CD.lnk` shortcut and staged extraction from files such as `Photo.jpg` and `Cover.jpg` to load the stealer in memory. Bitdefender said the torrent had thousands of seeders and leechers, widening the exposure for users chasing the movie.

Related Happenings

Vidar Stealer 2.0 fake game-cheat distribution

Malware Activity
First: 18.03.2026 13:15 Last: 18.03.2026 13:15 Sources 1

About this happening: The **Vidar Stealer 2.0** malware is being spread through **fake game-cheat repositories** and **Reddit lures**, putting players seeking cheats for major online games at risk of *...

LummaStealer infection surge via CastleLoader

Malware Activity
First: 11.02.2026 19:02 Last: 11.02.2026 19:02 Sources 1

About this happening: The **LummaStealer** infostealer operation now includes a **widespread ClickFix campaign** observed in **February 2026** that abuses **Windows Terminal (wt.exe)** instead of the R...

Latest development: 06.03.2026 08:44

Microsoft disclosed a widespread ClickFix social-engineering campaign that uses Windows Terminal (wt.exe) instead of the Windows Run dialog to trick users into launching malicious commands, then chains through Terminal, PowerShell, cmd.exe, and MSBuild.exe to download payloads, set persistence via scheduled tasks, configure Microsoft Defender exclusions, and inject Lumma Stealer into chrome.exe and msedge.exe with QueueUserAPC().

Phorpiex MaaS botnet ransomware-delivery activity

Malware Activity
First: 10.02.2026 18:00 Last: 10.02.2026 18:00 Sources 1

About this happening: The **Phorpiex** botnet is being delivered through a **high-volume phishing** chain that can hand off to **ransomware**, increasing the risk of secondary payload delivery. The lur...

Windows .scr phishing campaign delivering JWrapper RMM access

Campaign
First: 04.02.2026 23:06 Last: 04.02.2026 23:06 Sources 1

About this happening: The **Windows .scr phishing campaign** is using **business-themed lures** to trick users into running screensaver files that install **JWrapper** and hand attackers **interactive...

UAC-0184 targets Ukrainian military and government entities via Viber-delivered malware

Campaign
First: 05.01.2026 19:56 Last: 05.01.2026 19:56 Sources 1

About this happening: **UAC-0184** has shifted to **Viber-delivered malware** to target **Ukrainian military and government entities**, extending an active **2025** espionage operation. The initial lur...

Timeline

  1. 12.12.2025 19:12 2 articles · 5mo ago

    Bitdefender finds fake One Battle After Another torrent with Agent Tesla

    Initial Disclosure

    Bitdefender identified a fake torrent for Leonardo DiCaprio’s One Battle After Another that used a CD.lnk shortcut and subtitle-embedded PowerShell loaders to unpack additional scripts, check whether Windows Defender was active, install Go, and load Agent Tesla directly into memory on Windows devices.
