The entertainment industries regularly warn the public at large that pirate sites are riddled with malware and viruses, posing a threat to unwitting visitors.
While these comments are partly made out of self-interest, they’re not entirely overblown. There are indeed plenty of scammers who upload nasty content that is added to, or disguised as, popular files.
This is nothing new and generally speaking, these files are easy to spot and swiftly removed from well-moderated sites. However, in a recent case, this wasn’t as apparent, since it involved a well-known uploader that had a “trusted’ status on some sites.
The uploader in question is Cracksnow, who shared tens of thousands of cracked software titles in recent years. A dedicated group of followers watched these torrents and “Cracksnow” was previously listed as one of the most searched for terms on torrent sites.
In recent months, however, numerous reports claimed that these popular releases contained malware, or even ransomware, which can do serious harm to one’s computer.
Below is an example of a now-removed torrent on 1337x.to which reportedly included a copy of the GandCrab ransomware.
A few of these reports are nothing out of the ordinary. Anti-virus vendors sometimes flag cracks as malicious, without good reason, for example. Also, “rival” uploaders may try to discredit the competition with fake malware reports.
However, in the case of CracksNow, the complaints were plentiful, persistent, and not without consequence.
Earlier this month, the popular torrent site 1337x took action and banned the account. This is quite unusual since it was a “trusted” uploader, but a senior staffer informs TorrentFreak that the reports were warranted.
“He was banned by myself because I found ransomware in his uploads,” the 1337x admin, who prefers not to be named, tells us.
“I also checked the same uploads from him on a couple other torrent sites and got the same results. I immediately alerted their staff about it so they could investigate and take appropriate action, which they did,” the admin adds.
Indeed, several other torrent sites, including TorrentGalaxy, have banned the CracksNow account as well. A Pirate Bay admin also confirmed that the uploader was purged from their site months ago, but no reason was specified.
Every day moderators on torrent sites have to review a lot of reported torrents. These are all checked carefully and in many cases, there’s nothing malicious going on. That said, malware infested torrents are found on a daily basis.
The 1337x admin informs us that they have a system in place to ensure that things don’t get out of hand. This includes an approval process for uploaders. However, this obviously isn’t perfect.
“It is a daily battle to sort the scumbags from the legit uploaders and staff work very hard but it’s not foolproof. What I will say is staff are very quick to adapt to all the new ways people try to beat our systems,” the admin says.
In the case of CracksNow, the moderators didn’t see it coming. That said, the account is banned now and the team believes that all malicious torrents have been deleted.
“I must admit that it is rare for a trusted uploader of this caliber to go rogue. It’s normally new guys that have the infected files,” the 1337x admin notes.
“CracksNow was a trusted uploader and had been warned in the past but only for misdemeanors. To the best of our knowledge, the remaining torrents are ransomware free but his account is due for removal.”
Indeed, while many recent torrents have been deleted, the CracksNow account and many older torrents remain available. This is because the site has some built-in protections which makes it hard to delete accounts with this many torrents.
The moderation team doesn’t believe these older torrent are malicious but it’s working on a full removal of the account. This will take some time though.
While CracksNow is no longer welcome at several torrent sites, the uploader still has his own home at CracksNow.com. Plenty of new uploads still appear there regularly.
TorrentFreak reached out to the uploader to hear the other side of the story, but after a few days, we have yet to get a response.
Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.
Most Internet providers do their best to keep the peace with copyright holders. Swedish ISP Bahnhof is not one of them. The company has been a fierce opponent of copyright trolling, invasive data retention laws, […]
Michael Gillespie is the researcher that folks and corporations flip to when their data files are locked by ransomware. He has managed to unlock numerous malicious strains so considerably, and he keeps on fighting the […]