It’s no secret that scammers are constantly trying to trick people into downloading malicious content from pirate sites.

These files are generally easy to spot for seasoned pirates and they are often swiftly removed from well-moderated sites. However, for casual downloaders, malware can be a serious problem.

Novices are often directed to dubious portals where these threats are harder to avoid. That can lead to disastrous consequences. This isn’t limited to annoying popups either, it can result in financial trouble as well.

Bitdefender Warns Against Malicious Cracks

This week, cybersecurity company Bitdefender reports that hackers are actively using software cracks to empty people’s cryptocurrency wallets. The company discovered a series of malicious KMS activators for Office and Windows, as well as Adobe Photoshop cracks. These can completely compromise the victim’s computer.

If these malicious cracks are executed, they drop a copy of the legitimate data transfer software “ncat.exe” that can be controlled by the hackers. This tool is used to transfer valuable data from the victim’s computer through a TOR proxy.

Torrent Clients Exfiltrate Crypto Wallets

Interestingly, Bitdefender reports that the attackers also use BitTorrent clients to exfiltrate data. Bitdefender’s director of threat research, Bogdan Botezatu, informs us that they discovered instances of the Transmission client that shared stolen data via torrents.

“Our monitoring shows that they are using the Transmission client to seed the information they want to exfiltrate. They create torrents with the data to be stolen, then use the client to seed that information through the network,” Botezatu informs TorrentFreak.

The torrent clients are not essential but Bitdefender believes that they may be used to obfuscate the malicious traffic.

“While the attackers can directly exfiltrate data by simply zipping the files and sending them across the network, the BitTorrent avenue might help them bypass potential firewalls and blend the traffic into the peer-to-peer noise,” Botezatu adds.

Hackers Install Transmission

It is worth noting that this doesn’t mean that Transmission users are somehow more vulnerable. The research found that the hackers actively install the client, so it can happen on any system.

With the backdoor, the hackers have full access to the victims’ computers. They use this to steal all sorts of valuable data, including Monero cryptocurrency wallets, if those are available.

The cybersecurity company believes that the malware isn’t completely relying on automated requests. Instead, it is likely being controlled by a human operator who can change strategy based on individual situations.

Firefox Credentials and More

In addition to stealing cryptocurrency wallets, the security researchers also found that the hackers are going after Firefox browser profile data, which includes browsing history, credentials, and session cookies. This can then be exploited to do more damage.

These are just a few examples of what can be done. Since the attackers have pretty much full access the victims are vulnerable to all sorts of threats. This may vary based on what opportunities the hackers see.

“This list of actions is non-exhaustive, as attackers have complete control of the system and can adapt campaigns based on their current interests,” Bitdefender warns.

Who’s at Risk?

As we mentioned earlier, these types of malware-ridden cracks mostly affect people who download files from sites that have little or no moderation. This is confirmed by Bitdefender as well.

“These cracks are usually hosted on direct-download websites rather than on torrent portals, as the latter have a community that downvotes and flags malicious uploads,” Botezatu says.

At the moment the malware-loaded cracks are most popular in North America and India. More technical details about the files and processes involved can be found in Bitdefender’s full writeup .

From: TF , for the latest news on copyright battles, piracy and more.

Thousands of torrent sites have come and gone over the years but only a handful of large public sites have stood the test of time.

The Pirate Bay is an obvious example but in Russia and surrounding countries, RuTracker is king. This massive torrent site and tracker has endured many storms but has still managed to stay afloat for more than 16 years.

Like all torrent sites, to a great extent, RuTracker relies on its users to seed and share content, whether that’s movies and TV shows or games, music or eBooks. As long as these human parts of the ecosystem play their crucial role in distribution, content should in theory remain available forever. In reality, though, it rarely works that way for long periods of time.

To the detriment of the sites they frequent and other file-sharers, only a small number of BitTorrent users share significantly more data than they take. Fewer still seed for prolonged periods of time. This means that torrents with initially large seed and leech counts can diminish quickly and when the number of seeders on a torrent reaches zero, people hoping to obtain that content have their options severely restricted.

To mitigate this type of problem, a group on RuTracker known as ‘The Guardians / The Keepers’ have been storing huge volumes of content and seeding it to the masses, with a reported focus on older and rare content. In a community post late December, a RuTracker admin revealed that the group had been doing its work for more than 10 years, helping to distribute 1.52 million poorly-seeded torrents referencing around 2,470TB of data, to the tune of 100 to 150TB of transfers per day.

Given that court-ordered blocking is preventing the free flow of regular users into the site to replace those that inevitably leave, RuTracker said that extreme pressure is being placed on The Guardians’ resources, particularly in respect of sheer lack of hard drive space. So, in an effort to boost their output, the site launched a crowdfunding campaign hoping to buy enough new hard drives to store and seed an additional 600 and 800TB of old and rare content.

“First of all, these are distributions that are in low demand by the general public due to their age, narrow focus or volume, but are still of historical and practical value,” the admin explained .

“Specialized software, old versions of software, images of games for now redundant consoles, alternative distributions of media files, etc. If you watch movies, listen to music, download games or software that were released more than a year ago, then each of you may be faced with a situation where there is no way to download the desired distribution due to the lack of distributors. This fundraiser is intended to minimize such incidents.”

After being launched early January, the crowdfunding campaign has now reached its target. According to a report from Meduza , two million rubles (around US$26,870) was raised in just a few weeks, meaning that The Guardians will now get the hard drives they need to ensure that older, rare and historically significant torrents are kept alive.

While the site and its users will be no doubt pleased that their target has been reached quite quickly, it still took weeks to raise a fairly modest amount, something which reflects the general nature of the BitTorrent ecosystem when sharing quotas aren’t enforced.

According to SimilarWeb stats, RuTracker.org receives around 40 million visits per month, yet only a relatively small number of visitors in January contributed to the fundraiser. In the same way, millions of people regularly jump on torrents offered by dozens of trackers, yet only a tiny proportion go the extra mile to make sure content remains available.

BitTorrent is an extremely powerful protocol but without high-levels of human altruism, interventions like this will always be required if niche content isn’t to fall by the wayside.

From: TF , for the latest news on copyright battles, piracy and more.

In the closing months of 2020, enforcement measures against private torrent sites in Denmark became evident when the alleged 69-year-old operator of NordicBits was arrested by Spanish police.

Then, following a complaint from local anti-piracy group Rights Alliance, the State Prosecutor for Serious Economic Crime (SØIK) had a 33-year-old Danish man arrested in Morocco on suspicion of running DanishBits .

With both sites shut down, two other sites – Asgaard and ShareUniversity – opened their doors to new members but were quickly warned they too faced similar treatment.

Asgaard quickly shut itself down as did ShareUniversity, but fresh arrests earlier this month showed that the authorities were ready to pursue their operators.

Attention Switches To Persistent BitTorrent Pirates

When torrent sites shut down, there is a tendency among users to find new homes, as illustrated by the exodus from NordicBits and DanishBits to would-be replacements. While this can happen seamlessly, the authorities in Denmark have already signaled the possibility of tracking down site users, using data obtained during earlier raids.

“The most important thing is clearly to stop the illegal services, but it can certainly not be ruled out that seized data can lead to the identification of the users of the two illegal networks,” Deputy Police Inspector Michael Lichtenstein said in December.

It’s not uncommon for pirates to dismiss these kinds of statements as scare tactics or lacking in substance but there are now signs that SØIK and Rights Alliance intend to make good on their warning. In a statement published Friday, Rights Alliance says that it intends to “sharpen its focus” on these entrenched users “who stubbornly stick to their illegal activities.”

Referencing the closure of Asgaard and the associated arrests, Rights Alliance notes that SØIK is maintaining a keen interest in persistent pirates, something that it believes is “enormously important” in its battle to prevent online copyright infringement.

According to the anti-piracy group, its earlier actions against the sites listed above reduced the number of private tracker users by more than 75% but that leaves around 25% who, despite the enforcement actions, still aren’t getting the message. As a result, further measures will be taken.

“With the IP Task Force behind it, technical insight and access to the illegal services where the Danish incarnated users have moved from, it is now possible to take an active part in sanctioning them,” Rights Alliance warns.

Interestingly, the anti-piracy group makes a specific reference to users deploying anonymization techniques, noting that they have the tools to unmask them, whether they’re using a VPN or not. TorrentFreak asked for more information on this claim but Rights Alliance declined to elaborate at the moment, instead offering to supply more information in the coming weeks.

Warning To Operators and Users Of New Pirate Sites

With Asgaard and ShareUniversity no longer open for DanishBits and NordicBits refugees to get their file-sharing fix, there are reports that other sites are already stepping in to bridge the gap. However, Rights Alliance warns that these services won’t be the safe haven most users prefer.

“In the coming period, the Rights Alliance’s activities will be focused on the perpetrators and users of the newly established Danish services, including NorTor, which is trying to establish itself after the closures in December,” the group says.

NorTor is a reference to NordicTorrent (NorTor.org), a torrent site that’s attempting to get off the ground at the moment. The site’s operators bought the domain at the end of December and appear to be using hosting registered in Seychelles.

Potential visitors should also be aware that while easily blocked, the platform already has not one but two cryptocurrency miners running on its main page.

From: TF , for the latest news on copyright battles, piracy and more.

BiglyBT is a relatively new BitTorrent client that first entered the scene during the summer of 2017 .

The open-source software is created by ‘Parg’ and ‘TuxPaper’ who previously worked as the main developers of Azureus and Vuze. After that project stalled, they left to create their own spinoff instead.

People who try BiglyBT will immediately notice that it has been created by veteran BitTorrent coders. The user interface is old-school and packed full of nifty features, just like the client it was based on. However, BiglyBT is much more than just a copy.

First Client to Support BitTorrent v2

The developers continued improving the software over the years and they have just released a new version with several updates. This latest release includes BitTorrent v2 support, which makes it the first torrent client to support the new specification.

BitTorrent v2 isn’t well known to the public at large but developers see it as a potential game-changer. In basic terms, it’s a new and improved BitTorrent specification that includes several technical changes. It was first proposed by Bram Cohen in 2008 and updated and improved along the way.

A few weeks ago, v2 support was officially added to the Libtorrent library , which is used by popular clients including uTorrent Web, Deluge, and qBittorrent. These clients have yet to implement the functionality and were beaten to the chase by BiglyBT.

Two Types of Torrents

One of the main differences users may notice from BitTorrent v2 is that it creates a new type of torrent format. The v2 torrent format creates a different, stronger torrent hash for a given set of files which will result in a separate swarm from a v1 torrent containing the same files.

To aid migration, there are ‘hybrid’ torrent files that contain information to construct both v1 and v2 swarms for a set of files. BiglyBT supports these, allowing files to be downloaded via both the v1 and v2 swarms. Older clients may be able to access the v1 swarm without change, but this is not guaranteed.

“We support both hybrid and v2 only torrents for downloading, magnet metadata downloads and with all our existing features such as swarm discoveries and I2P,” Parg from BiglyBT informs us.

Different torrent formats may sound like a step backward, but it’s a prerequisite for many added benefits that make BitTorrent ready for the decades to come. We have discussed these benefits in detail before , including the ‘swarm merging’ possibilities.

With swarm merging, someone can download the same file from different torrents that are discovered on request. BiglyBT already has this option where new files are matched based on file sizes. This is a pretty basic approach that involves some guesswork, which makes it error-prone.

Per-File Hashes Opens Doors

BitTorrent v2 changes this, as each file within a torrent has its own hash. This makes it possible to perfectly match files, which could even be done automatically. Right now the feature isn’t implemented yet, but it’s an idea that’s being considered.

“With v2 torrents we have explicit file hashes for each file. Therefore we can switch from using file size as the proxy and take the guesswork out of the matching process,” Parg tells us.

Torrent users can already reap the benefits from v2’a fine-grained block hashes. This makes it possible to verify much smaller chunks of a file as it is downloaded.

The benefit to users of this is that, when bad data is received, either due to corruption during download or perhaps from deliberate pollution by bad actors, only a small amount of data needs to be discarded and the culprit is readily identifiable.

Change Will be Slow

For now, however, not much is going to change. While users can create and download v2 torrents with the latest release, they are not backed by any torrent sites or publishers yet. Until that changes, things will remain the same.

The BiglyBT team does want to be ready for when that time comes and they see the latest release as a conversation shifter.

“I see the BiglyBT support more as a conversation shifter away from the ‘what’s the point of v2, nobody supports it so why should I even think about it’ towards a discussion about realizing the benefits of a transition,” Parg notes.

Thus far there has been surprisingly little talk about BitTorrent v2, even from insiders. BitTorrent’s parent company TRON, which usually doesn’t shy away from making big statements, hasn’t even mentioned it yet, as far as we know.

BitTorrent inventor Bram Cohen did bring it up recently, in a discussion about a Verge article covering the controversial persona of Tron’s Justin Sun. Cohen, who added insult to injury. , said that he finalized the v2 plans before abandoning the ship.

“I made sure that the plans for BitTorrent v2 were in place before I left and am happy that it’s now launched. Protocols can develop a lot of cruft after more than a decade,” Cohen wrote last week.

Perhaps it’s a sign of the times that personal stories about the antics of a ‘technology’ entrepreneur get more press than a potential revolution in the technology itself. In any case, those who are interested in new technology can create and share their own v2 torrents with BiglyBT today.

From: TF , for the latest news on copyright battles, piracy and more.

When the BitTorrent protocol was first made public almost two decades ago, it was only supported by desktop apps.

As time went by, people started to do more from their web browsers, including downloading and streaming, but support for web-based torrenting was still lacking.

This is one of the reasons why Stanford University graduate Feross Aboukhadijeh invented WebTorrent . The technology, which relies on WebRTC, is supported by most modern browsers and allows users to seamlessly stream or download torrent files using the web.

Over the past few years, several tools and services have been built on WebTorrent’s technology. These include Instant.io , βTorrent , as well as the popular Brave browser , which comes with a built-in torrent client based on WebTorrent.

These apps and services all work as advertised. However, WebTorrent-based implementations typically come with a major drawback. Since communication between WebTorrent peers relies on WebRTC, it can’t share files with standard torrent clients by default.

LibTorrent add Support for WebTorrent

This rift between WebTorrent and traditional torrent clients is now starting to close. Libtorrent has just created a bridge between the two ‘worlds’ by implementing official WebTorrent support.

Libtorrent is a popular implementation of the BitTorrent protocol, used by clients including Deluge, qBittorrent, rTorrent, Tribler and others. By implementing the WebTorrent extensions, these clients will become compatible with browser peers and vice-versa.

“I am very excited to see libtorrent adding support for the WebTorrent protocol,” Feross tells TorrentFreak, commenting on the news.

“This opens the door for many more torrent clients to support connecting to WebTorrent peers. Browser peers will now be able to access a huge trove of content currently only available to TCP/UDP peers,” he adds.

WebTorrent’s vision always was to make all torrents available in the browser. While that was technically possible, downloading torrents could often be a challenge in reality, simply because not enough people were sharing them.

More Peers For WebTorrent Users

Right now, WebTorrent and traditional torrent clients can’t talk to each other. However, the libtorrent peers will soon act as a hybrid, bridging the gap between these two ecosystems.

With libtorrent adding WebTorrent support, the pool of available ‘hybrid’ peers will expand massively. This will render browser-based clients more usable and therefore a good alternative for casual torrenters.

“While desktop torrent clients aren’t going anywhere anytime soon, now the web browser will become a viable alternative to an installed torrent client,” Feross says .

“This is huge for less-technical users, users who can’t install native apps, or users who just feel safer using a website. WebTorrent offers more options and more ways to connect,” he adds.

While WebTorrent is now officially supported by libtorrent, it may take more time for individual clients to update to the latest version. But when that happens, WebTorrent will broaden its reach.

From: TF , for the latest news on copyright battles, piracy and more.