Antivirus vendor ESET has reported the spread of GoBotKR malware, which attacks users of torrent sites. This malware is a modified version of GoBot2, whose source code has been available since March 2017. The attack works as follows: a user downloads a torrent of a movie or a series and then sees a set of ordinary-looking programs and extensions, including files with the PMA extension (an installer for codecs), MP4 and LNK.
The malware is launched when the user clicks the LNK file. Once GoBotKR is installed, it begins collecting information about the system: network configuration, operating system, processor, and the installed anti-virus program. This information is sent to a command-and-control (C&C) server located in South Korea.
The backdoor can perform the following commands: distribute torrents via BitTorrent and uTorrent, organize DDoS attacks, change the desktop background, copy the virus to cloud storage folders (Dropbox, OneDrive, Google Drive) or removable media, launch a proxy or HTTP server, change firewall settings, and enable or disable Task Manager.
According to ESET experts, the main purpose of the attackers is to unite infected computers into a botnet to carry out DDoS attacks.