The allure of Paul Thomas Anderson’s latest masterpiece, One Battle After Another, has reached fever pitch in Nairobi, but a digital trap lies in wait for eager fans looking to bypass the box office. While the film generates Oscar buzz with a star-studded cast including Leonardo DiCaprio and Regina Hall, security researchers have flagged a sinister payload hidden within illegal downloads of the movie.

Security firm Bitdefender has uncovered a sophisticated cyberattack embedded within specific torrent files of the film. Unlike typical viruses that might simply slow down a machine, this malware—dubbed Agent Tesla—is a Remote Access Trojan (RAT). It does not just disrupt your system; it hands the keys to your digital life directly to hackers, threatening the personal and financial data of anyone unfortunate enough to click 'play'.

The Trojan Horse Strategy

The attack is particularly dangerous because it preys on user behavior rather than software vulnerabilities. Bitdefender revealed that the malicious files are designed to look like a standard movie download but function very differently. Instead of a simple video file, the download contains a shortcut and a compromised subtitle file.

The infection process follows a specific sequence:

• The Lure: Users download a folder expecting the movie.
• The Trigger: Instead of a video file, users are directed to click a file named CD.lnk.
• The Payload: This executes a script hidden inside a subtitle file labeled Part2.subtitles.srt.
• The Takeover: While the subtitles appear normal, lines 100 to 103 contain code that installs the Agent Tesla spyware.

"The Agent Tesla RAT itself is not novel, but the deployment of consecutive attack methods... is highly interesting," Bitdefender analysts noted in their report. They emphasized that this specific delivery method appears to be unique to this torrent, making it a targeted campaign against movie enthusiasts.

Targeting the Novice Pirate

This campaign specifically targets casual internet users rather than seasoned techies. Experienced file-sharers typically know that a movie file should end in .mp4 or .mkv, and that clicking a shortcut file (.lnk) is a major red flag. However, the immense hype surrounding One Battle After Another—recently named Best Picture by the New York Film Critics Circle—is drawing in people who do not usually download pirated content.

For a Kenyan user, the risks are acute. With many households relying on PCs for digital banking and accessing sensitive government portals like eCitizen, a Remote Access Trojan can be devastating. The malware allows attackers to steal passwords, log keystrokes, and even use the infected computer to attack others, turning the victim's machine into a 'zombie' agent.

A History of Deception

Hiding malware in subtitle files is a tactic that dates back to at least 2017, but the sophistication of this attack is evolving. Bitdefender highlighted that Agent Tesla has previously been deployed through phishing emails and, more cynically, disguised as COVID-19 vaccination registration forms in 2021.

As the Academy Awards approach in March, the temptation to pirate award-winning cinema will inevitably rise. However, in this digital battleground, the price of a free watch might be far higher than a cinema ticket. As the researchers warned, if a download asks you to run a program to watch a video, delete it immediately.