Russian Cinemas Are Showing Pirated Movies Downloaded From Torrents

Andy Maxwell, reporting for TorrentFreak: In response to Russia's invasion of Ukraine, several Hollywood studios announced the immediate suspension of new releases in Russia. Unexpectedly, some Russian theaters are still able to show movies such as The Batman on the big screen but this isn't down to the studios. The movies are sourced from illegal torrent sites and few seem afraid to admit it.

Read more of this story at Slashdot.

Pirate Site Traffic Surges With Help From Manga Boom

New data shared by tracking company MUSO shows that the number of visits to pirate sites has increased by nearly 30% compared to last year. The publishing category is growing particularly hard, mostly driven by manga piracy. The United States continues to harbor the most pirates in absolute numbers. TorrentFreak reports: During the first quarter of 2022, pirate site visits increased by more than 29% compared to a year earlier, which is good for a dazzling 52.5 billion visits. Nearly half of this traffic (48%) goes to TV-related content. The publishing category takes second spot with 27%, followed by the film (12%), music (7%), and software (6%) categories. The traffic increase is noticeable across all types of piracy but the publishing category stands out. Compared to the first quarter of 2021, the number of visits in this category has grown explosively. Software piracy is lagging behind, but the category still continues to grow. The strong growth in the publishing category is largely driven by manga, comics or graphic novels originating from Japan. Some of the pirate sites dedicated to this 'niche', such as Manganato.com, attract well over 100 million 'visits' per month. That's more than iconic pirate sites such as The Pirate Bay and Fmovies.to. The United States is the country that sends most visitors to pirate sites. With well over 5.7 billion 'visits' in the first three months of the year, the U.S. is good for more than 10% of all piracy traffic. With a 39% increase compared to last year, pirate audience growth exceeds the global average. Russia and India follow at a respectable distance with just over 3 billion visits to pirate sites, followed by China and France, with 1.8 and 1.7 billion visits, respectively. There is no single explanation for the apparent piracy boom. However, MUSO sees the upward trend as an alarming signal and expects that the 'streaming wars' and growing subscription fatigue may play a role.


Botnet That Hid For 18 Months

An anonymous reader quotes a report from Ars Technica: It's not the kind of security discovery that happens often. A previously unknown hacker group used a novel backdoor, top-notch tradecraft, and software engineering to create an espionage botnet that was largely invisible in many victim networks. The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims' networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where things left off. There are many keys to its stealth, including:

- The use of a unique backdoor Mandiant calls Quietexit, which runs on load balancers, wireless access point controllers, and other types of IoT devices that don't support antivirus or endpoint detection. This makes detection through traditional means difficult.
- Customized versions of the backdoor that use file names and creation dates that are similar to legitimate files used on a specific infected device.
- A live-off-the-land approach that favors common Windows programming interfaces and tools over custom code with the goal of leaving as light a footprint as possible.
- An unusual way a second-stage backdoor connects to attacker-controlled infrastructure by, in essence, acting as a TLS-encrypted server that proxies data through the SOCKS protocol.

The SOCKS tunnel allowed the hackers to effectively connect their control servers to a victim's network where they could then execute tools without leaving traces on any of the victims' computers. A secondary backdoor provided an alternate means of access to infected networks. It was based on a version of the legitimate reGeorg webshell that had been heavily obfuscated to make detection harder. The threat actor used it in the event the primary backdoor stopped working. [...] One of the ways the hackers maintain a low profile is by favoring standard Windows protocols over malware to move laterally. To move to systems of interest, UNC3524 used a customized version of WMIEXEC, a tool that uses Windows Management Instrumentation to establish a shell on the remote system. Eventually, Quietexit executes its final objective: accessing email accounts of executives and IT personnel in hopes of obtaining documents related to things like corporate development, mergers and acquisitions, and large financial transactions. "Unpacking this threat group is difficult," says Ars' Dan Goodin. "From outward appearances, their focus on corporate transactions suggests a financial interest. But UNC3524's high-caliber tradecraft, proficiency with sophisticated IoT botnets, and ability to remain undetected for so long suggests something more."
