Scammers target Leonardo DiCaprio fans with malware-ridden "One Battle After Another" torrent
Fake torrent spreads across seeders and leechers, executing hidden malware
· TechRadarNews By Efosa Udinmwen published 16 December 2025
Malware kan ställa till med oreda (Image credit: Shutterstock) Share Share by:
Share this article 0 Join the conversation Follow us Add us as a preferred source on Google
- Fake movie torrents deliver multi-stage malware without the user noticing execution steps
- AgentTesla steals browser, email, FTP, and VPN credentials silently and efficiently
- Malicious PowerShell scripts hide inside subtitles, extracted when users launch shortcuts
Cybercriminals have circulated a fraudulent torrent claiming to contain “One Battle After Another”, a film released on September 26, 2025, starring Leonardo DiCaprio.
The torrent appears authentic at first glance, bundling a large movie file alongside images, subtitles, and a shortcut presented as a launcher.
Researchers observed thousands of seeders and leechers attached to the file, suggesting wide distribution rather than an isolated campaign.
How the infection chain is triggered
The attack begins when the user clicks a shortcut file disguised as a movie launcher.
This action executes Windows commands that silently extract and run a malicious PowerShell script hidden inside the subtitle file.
Attackers conceal the script between specific subtitle lines, blending it into text that appears harmless during casual inspection.
Once activated, the script extracts multiple AES-encrypted blocks embedded in the same subtitle file, reconstructing several additional PowerShell scripts on the system.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors