Malicious Torrent Distributes Agent Tesla via Subtitle Files
Summary
A fake torrent for the movie 'One Battle After Another' contains malicious PowerShell loaders hidden in subtitle files. When executed, these loaders infect devices with the Agent Tesla RAT malware. The infection chain involves multiple stages, including extracting encrypted data blocks from the subtitle file and deploying additional PowerShell scripts. The malware ultimately steals credentials and captures screenshots. This campaign highlights the use of subtitles as a stealthy vector for malware delivery.
Timeline
- 12.12.2025 19:12 (1 article): Malicious Torrent for 'One Battle After Another' Distributes Agent Tesla
- Fake ‘One Battle After Another’ torrent hides malware in subtitles — www.bleepingcomputer.com — 12.12.2025 19:12
Information Snippets
- The malicious torrent contains a subtitle file with embedded PowerShell scripts between lines 100 and 103.
First reported: 12.12.2025 19:12 (1 source, 1 article)
- Fake ‘One Battle After Another’ torrent hides malware in subtitles — www.bleepingcomputer.com — 12.12.2025 19:12
- The PowerShell scripts extract AES-encrypted data blocks from the subtitle file to reconstruct five additional PowerShell scripts.
- The extracted scripts perform actions such as creating a hidden scheduled task, decoding binary data from an image file, and loading the final payload (Agent Tesla) into memory.
- Agent Tesla is a Windows RAT and information stealer that targets browser, email, FTP, and VPN credentials and captures screenshots.
- Bitdefender researchers noted that the malicious torrent had thousands of seeders and leechers, indicating significant distribution.
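A defender-side check for the delivery technique these snippets describe, added here as an example and not taken from the cited report: it flags lines of an SRT subtitle file that contain script-like tokens or long, high-entropy encoded runs, and reports their line numbers. The token list, thresholds and sample text are constructed assumptions, since the loader's actual content is not shown on this page.

```python
import base64
import hashlib
import math
import re
from collections import Counter

# Heuristic indicators: assumptions for illustration, not taken from the reported sample.
SCRIPT_TOKENS = re.compile(
    r"powershell|invoke-expression|\biex\b|frombase64string|"
    r"\[convert\]::|new-object|-encodedcommand", re.I)
ENCODED_RUN = re.compile(r"[A-Za-z0-9+/=]{80,}")  # long base64-like run
TIMING = re.compile(r"\d{2}:\d{2}:\d{2}[,.]\d{3}\s*-->\s*\d{2}:\d{2}:\d{2}[,.]\d{3}")
MAX_CUE_CHARS = 200      # spoken dialogue lines are short; tune per corpus
MIN_BLOB_ENTROPY = 4.5   # bits per character


def entropy(s):
    """Shannon entropy of s in bits per character."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())


def scan_srt(text):
    """Return (line_number, reason) findings for the contents of an SRT file."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        s = line.strip()
        if not s or s.isdigit() or TIMING.fullmatch(s):
            continue  # blank line, cue index or timing line
        if SCRIPT_TOKENS.search(s):
            findings.append((no, "script-token"))
        run = ENCODED_RUN.search(s)
        if run and entropy(run.group()) >= MIN_BLOB_ENTROPY:
            findings.append((no, "encoded-blob"))
        elif len(s) > MAX_CUE_CHARS:
            findings.append((no, "oversized-line"))
    return findings


def constructed_sample():
    """Constructed SRT text: one normal cue, one script-like cue, one encoded blob."""
    blob = base64.b64encode(hashlib.sha512(b"constructed sample").digest()).decode()
    return "\n".join([
        "1", "00:00:01,000 --> 00:00:03,000", "Where were you last night?", "",
        "2", "00:00:04,000 --> 00:00:06,000",
        "powershell.exe -NoProfile -File placeholder.ps1", "",
        "3", "00:00:07,000 --> 00:00:09,000", blob])
```

Any finding in a subtitle file is worth triage, because legitimate cues contain only short dialogue text.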