There is another reason why users should be wary of downloading files from file sharing sites – they host PASSTEAL variants. PASSTEAL, as you may recall, are malware using password recovery tools to steal information stored in Internet browsers. This technique is a deviation from previous infostealers that log keystrokes to gather data from infected systems.
Using feedback from the Trend Micro Smart Protection Network™, we found that several PASSTEAL malware use social engineering lures such as variants disguised as key generators for paid applications or are bundled with tampered paid-installer application as shown below:
This indicates that PASSTEAL authors’ are targeting file sharers and downloaders who frequently use BitTorrent or visit file hosting sites to get hold of illegal copies of software. Other variants were also found disguised as e-book versions of popular Young Adult (YA) novels.