Cybercriminals have made the upcoming 2025 Christmas holiday season a prime target, exploiting the surge in online entertainment searches. They now run a sophisticated campaign that uses fake movie torrents to deliver fileless malware, creating a serious risk for unsuspecting users.
A prominent example involves a counterfeit torrent for Leonardo DiCaprio’s film, “One Battle After Another.” This fraudulent file is designed to infect systems rather than provide entertainment. It highlights the acute dangers of downloading unauthorised content from unverified sources.
Cybersecurity firm Bitdefender has detailed the threat. They linked the fake torrent to the deployment of the Agent Tesla remote access trojan (RAT). Users are misled into believing they are opening a legitimate video file. Instead, they initiate a multi-stage, malicious execution chain.
This campaign employs advanced fileless infection techniques. The malicious payload operates entirely within a system’s memory, never writing traditional files to the hard drive. The torrent contains heavily obfuscated scripts that, when executed, leverage trusted system tools like PowerShell to carry out the attack.
Bitdefender Labs uncovers an Agent Tesla delivery chain disguised as a movie torrent. A “CD.lnk” shortcut triggers a hidden command chain that runs scripts embedded in a subtitle file. https://t.co/vhL41EHFCg
— Virus Bulletin (@virusbtn) December 12, 2025
This methodology allows the malware to evade many conventional detection systems. It leaves minimal forensic evidence, making it particularly stealthy and persistent.
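As an added example (not taken from Bitdefender's report or from this article's sources), the Python script below triages an unpacked download for the two artefacts described above: a shortcut file such as CD.lnk inside a media release, and subtitle files that carry script-like content instead of captions. The subtitle extensions, the token list and the line-length cap are assumptions chosen for illustration.

```python
import re
from pathlib import Path

# Assumed heuristics (not from the Bitdefender report): tokens that have no
# place in caption text, and a generous cap on the length of a caption line.
SCRIPT_TOKENS = re.compile(
    r"powershell|cmd(\.exe)?\s*/c|invoke-expression|\biex\b|frombase64string|"
    r"-enc(odedcommand)?\b|start-process|certutil|mshta", re.I)
# SRT/VTT cue timing, e.g. "00:00:01,000 --> 00:00:03,000"
TIMING = re.compile(r"^\d{2}:\d{2}:\d{2}[,.]\d{3} --> \d{2}:\d{2}:\d{2}[,.]\d{3}")
MAX_CAPTION_LEN = 200
SUBTITLE_EXT = {".srt", ".sub", ".vtt", ".ass"}


def check_subtitle(text):
    """Return (line_no, reason) for lines that do not look like captions."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if not s or s.isdigit() or TIMING.match(s):
            continue  # blank line, cue index, or cue timing
        if SCRIPT_TOKENS.search(s):
            hits.append((no, "script token"))
        elif len(s) > MAX_CAPTION_LEN:
            hits.append((no, "overlong line"))
    return hits


def scan_release(root):
    """Walk an unpacked download and list findings; nothing is executed."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        ext = p.suffix.lower()
        if ext == ".lnk":
            # A movie release has no reason to ship a Windows shortcut.
            findings.append((p.name, "shortcut in a media download"))
        elif ext in SUBTITLE_EXT:
            text = p.read_text(encoding="utf-8", errors="replace")
            findings += [(p.name, f"line {n}: {why}")
                         for n, why in check_subtitle(text)]
    return findings
```

Any finding is a reason to delete the download unopened; an empty result does not prove the files are safe.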
Once successfully deployed, Agent Tesla grants attackers comprehensive remote control over the compromised device. The primary objective is data theft. The malware can harvest sensitive information, including saved passwords, banking credentials, financial data, and login details for various online accounts.
Furthermore, an infected machine joins a larger botnet, which attackers then use to launch future large-scale cyberattacks against other targets. This approach amplifies the damage far beyond the initial victim.
Security experts emphasise that downloading pirated media carries grave and escalating risks. These threats peak during holiday seasons and major film releases when user demand is highest, and vigilance may be lower.
This campaign is part of a sustained trend in which threat actors strategically use entertainment-themed lures. Fake downloads of new movies, series, or software exploit public interest and victimise a broad audience of internet users.