Popular torrent files, especially games, have been found packaged with malicious coding Credit: Simon Steinberger Be careful with what you torrent. A new tool on the black market is helping hackers distribute malware through torrent files in exchange for a fee.On Tuesday, security researchers at InfoArmor said they discovered the so-called “RAUM” tool in underground forums.It leverages torrenting — a popular file-sharing method associated with piracy — to spread the malware. Popular torrent files, especially games, are packaged with malicious coding and then uploaded for unsuspecting users to download.Using torrents to infect computers is nothing new. But the makers of the RAUM tool have streamlined the whole process with a “Pay-Per-Install” model, according to InfoArmor. RAUM’s developers have created a slick interface for their product. It can monitor the status of the malicious torrent files over popular sites such as The Pirate Bay and ExtraTorrent, which often act as a directory for users to download pirated content. “In some cases, the lifespan of these seeded malicious files exceeded 1.5 months and resulted in thousands of successful downloads,” InfoArmor said. Customers of the tool have frequently been using it to package malware with PC-based online games for both Windows and Mac. To infect more users, the makers of RAUM were also on the lookout for known uploaders of torrent files. They would then hijack their accounts, and use them to spread even more malicious torrent files. The RAUM tool has been found distributing ransomware such as CryptXXX, in addition to the Trojan Dridex — which can steal a user’s banking credentials — and the password-lifting Pony spyware.The makers of RAUM are believed to be an Eastern European organized crime group known as Black Team, according to InfoArmor. The underground forums where the tool is sold are invite-only, with the verification process of new members quite strict. “InfoArmor strongly recommends that extreme caution be taken when visiting torrent trackers or downloading pirated digital content, operating systems and business software,” the security firm said. Related content feature Accenture takes an industrialized approach to safeguarding its cloud controls Security was once a hindrance for Accenture developers. But since centralizing the company's compliance controls, the process has never been simpler. By Aimee Chanthadavong Dec 11, 2023 8 mins Compliance Compliance Compliance news analysis LogoFAIL attack can inject malware in the firmware of many computers Researchers have shown how attackers can deliver malicious code into the UEFI of many PCs though BIOS splash screen graphics. By Lucian Constantin Dec 08, 2023 8 mins Malware Vulnerabilities news Google expands minimum security guidelines for third-party vendors Google's updated Minimum Viable Secure Product (MVSP) program offers advice for working with researchers and warns against vendors charging extra for basic security features. By John P. Mello Jr. Dec 08, 2023 4 mins Application Security Supply Chain news New CISO appointments 2023 Keep up with news of CSO, CISO, and other senior security executive appointments. By CSO Staff Dec 08, 2023 28 mins CSO and CISO Careers Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe