As we all know, winter time is cinema time, and the Oscars are drawing ever closer. So it's no wonder that more and more films are being released that are attracting the attention of the masses. September saw the release of One Battle After Another, a fast-paced drama starring Leonardo DiCaprio, which is already being touted as an Oscar favorite. However, with a running time of just under three hours, it seems that not everyone wants to go to the movies, preferring instead to watch it from home. And they are also resorting to illegal means.

Criminals are now exploiting this, as security experts from Bitdefender warn. Torrents of One Battle After Another are currently in circulation, spreading a dangerous Trojan called "Agent Tesla." This Trojan can not only steal access data, but also monitor PCs, take them over completely and even control them remotely. The campaign appears to be large-scale and has therefore aroused the interest of researchers. In their report, they also describe the unusual method used by the malware to access affected systems.

This is how the infection works

After downloading the file that is supposed to contain the film, the user is shown a folder containing various seemingly harmless files such as CD.lnk or Part2.subtitles.srt. If the first file is executed in the hope that this will start the film, a PowerShell script starts in the background instead. This accesses the second file, which actually contains subtitles in the form of a text file, but also code snippets. The script jumps to the point where the hidden code is contained and then executes it.

Another file called One Battle After Another.m2ts, which is disguised as a video file, is also used to continue the infection chain. The same happens with other seemingly harmless files that together contain malicious code. The end result: the Trojan is installed on the system and the attackers can strike immediately.
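
A defensive triage check for the file layout described above, added here as an example (it is not code from Bitdefender's report): it flags shortcut files in a downloaded folder and subtitle files containing blocks that are not plain SRT cues. The function names, the 200-character threshold and the sample text are assumptions made for illustration.

```python
import re
from pathlib import Path

# SRT cue timing line, e.g. "00:01:02,500 --> 00:01:05,000"
TIMING = re.compile(r"^\d{2}:\d{2}:\d{2}[,.]\d{3} --> \d{2}:\d{2}:\d{2}[,.]\d{3}")
MAX_TEXT_LEN = 200  # assumption: real subtitle lines are far shorter than this


def srt_anomalies(text):
    """Return (block_number, reason) for every block that is not a plain SRT cue."""
    findings = []
    blocks = re.split(r"\n\s*\n", text.replace("\r\n", "\n").strip())
    for n, block in enumerate(blocks, 1):
        lines = block.split("\n")
        well_formed = (len(lines) >= 2 and lines[0].strip().isdigit()
                       and TIMING.match(lines[1].strip()))
        if not well_formed:
            findings.append((n, "not an index/timing/text cue"))
        elif any(len(line) > MAX_TEXT_LEN for line in lines[2:]):
            findings.append((n, "cue text longer than %d chars" % MAX_TEXT_LEN))
    return findings


def triage_folder(folder):
    """Flag shortcuts and malformed subtitles; files are only read as text, never run."""
    report = {}
    for path in sorted(Path(folder).rglob("*")):
        suffix = path.suffix.lower()
        if suffix == ".lnk":
            # A film download has no reason to ship a Windows shortcut.
            report[path.name] = ["shortcut file inside a media download"]
        elif suffix == ".srt":
            text = path.read_text(encoding="utf-8-sig", errors="replace")
            hits = srt_anomalies(text)
            if hits:
                report[path.name] = ["block %d: %s" % hit for hit in hits]
    return report


# Constructed sample: two normal cues followed by a block of non-subtitle data.
SAMPLE = (
    "1\n00:00:01,000 --> 00:00:03,000\nWhere are we going?\n\n"
    "2\n00:00:04,000 --> 00:00:06,500\nHome.\n\n"
    "PLACEHOLDER-NON-SUBTITLE-DATA " + "A" * 300 + "\n"
)

if __name__ == "__main__":
    print(srt_anomalies(SAMPLE))
```

A clean result does not prove a download is safe; the check only surfaces the two structural oddities the report describes.
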
Undetectable even by virus scanners

The procedure seems complicated, but serves one main purpose: neither Windows nor common virus protection programs can reliably detect that this is malicious software. As the attackers use seemingly harmless file types and existing tools such as PowerShell, the individual processes look like completely normal accesses. Only at the very end could the user realize that it is a Trojan. But by then it is already too late and the hackers can simply block all attempts to protect the device. Even a system restart no longer blocks the attackers.

The security experts do not specify exactly how many systems have already been hit by the wave of attacks. However, there is talk of thousands of downloads. In addition, attackers have already been successful with similar tactics in the past. For example, with fake downloads of the Marvel film Shang Chi and the Legend of the Ten Rings or the blockbuster Mission Impossible: The Final Reckoning, which curiously warns of the dangers of modern technology.

In any case, you should refrain from obtaining films or series from illegal sites, as otherwise you could catch a malware-infected file at any time (and potentially make yourself liable to prosecution). Instead, wait for the films you are interested in to land on legal streaming services — or go to the movies while they're still in theaters.