Popcorn Time Ransomware Infiltrates Your PC And Encourages You To Infect Others

Malware writers continue to find ways to make themselves out to be bigger scumbags than they already are. The latest dirty trick by the worst the web has to offer is a new twist on ransomware. Instead of simply encrypting the files on an infected PC and demanding a ransom in order to decrypt them, a variant called Popcorn Time encourages victims to infect others by offering a free key if they can get spread the ransomware to two other people.

I wouldn't rank this as a new low in malware and its authors—that distinction belongs to the soulless jerks who injected a script into the Epilepsy Foundation's website that redirected visitors to a page with seizure inducing animated GIFs. If there's a line in malware, they clearly crossed it and that remains as arguably the worst offense to date.

Locks
A new ransomware tactic is to encourage users to infect others with a referral link in exchange for an unlock key

While Popcorn Time isn't quite as heinous and doesn't set a new low overall, it is probably the worst example of ransomware to date. Not to be confused with the popular BitTorrent client with an integrated media player, the Popcorn Time ransomware comes with a referral link and two sets of directions—one for restoring files "the fast and easy way" (pay a ransom of 1 Bitcoin) and another for restoring files "the nasty way" (use the referral link to dupe two other people).

That's not the only bit of nastiness here. Entering the wrong decrypt key four times can result in files being deleted, according to an unfinished entry in the source code. It's not clear if that's a feature still in development or if it's meant to scare users into ponying up a Bitcoin (or infecting others) to be done with Popcorn Time.

On the plus side, Popcorn Time won't install on top of itself, thereby forcing the victim to obtain two keys. It checks to see if it's already been installed, and if so it terminates the process. Otherwise it gets to work installing and searching for files with several specific file extensions located in My Documents, My Pictures, My Music, and the desktop.

Since Popcorn Time is currently in development it could become even more devious as time goes on. Our advice? If you become infected, don't help the authors out by using the referral link, or else this could become an ugly trend.

Show comments blog comments powered by Disqus