Internet users are warned to be on the alert for malware disguised as the newly released Netflix movie, Okja. The movie received huge publicity when it premiered at the prestigious Cannes Film Festival, the second Netflix film to do so. However, the movie is available only to Netflix subscribers and in a handful of selected theaters worldwide, so the infection rate is expected to be high among non-Netflix subscribers who download a pirated version of the movie.
If a user downloads the tampered Okja movie file distributed via P2P websites, a video file is downloaded together with a .txt file. This text file contains installation guidelines and the download address for the Netflix MKV Player. The installation file for the player, which can be downloaded from that address, is shown in Figure 1.
When this file is executed, the installation of the Netflix player proceeds, but a Potentially Unwanted Program (PUP) is installed along with it. This PUP is how the malware infiltrates the user's computer system. The malware then continuously attempts to communicate with the C&C server.
[Figure 2] Program installation screen
Malware infections through illegal downloads of files from torrent websites are continuously reported. Attackers are well aware that disguising malware as popular movie files such as Okja increases the success rate of infections.
To prevent damage from this type of malware, it is paramount not to download illegal files from unknown sources, and using genuine, certified programs and legitimate services is recommended. In addition, updating your anti-virus software to the latest version and conducting malware checks before downloading are good security habits to practice.