← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years
In late April 2026, a client reached out to us for incident response support after discovering a miner running on users’ computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update for a video player plugin. When the user attempted to watch a video, the player displayed a message saying the plugin version was outdated and asking to install an update to continue.
Indicators of Compromise (8 / 15 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| domain | 5d14vnfb.space | — | 2026-05-28 | |
| domain | jeaw520i.space | — | 2026-05-28 | |
| domain | kristina.quest | — | 2026-05-28 | |
| domain | m4yuri.online | — | 2026-05-28 | |
| domain | qdmagva5.space | — | 2026-05-28 | |
| domain | r7mvjl67.space | — | 2026-05-28 | |
| domain | urush1bar4.online | — | 2026-05-28 | |
| domain | zgj1tam9.space | — | 2026-05-28 |