This is an automated archive made by the Lemmit Bot.
The original was posted on /r/piracy by /u/DroidLord on 2024-11-05 21:23:35+00:00.
What's been up recently with 1337x getting an influx of fake torrents that consist of '.lnk' files? Usually they'll be new episode releases, but the uploaders time it so they get published a day or two before the actual episode airs officially.
Because these files are big enough (usually 1GB in size), they get automatically grabbed by Sonarr/Radarr. Thankfully I blocked .lnk files in my torrent client ever since this started happening a few months ago, so they just sit at 0% until I notice and manually remove them.
The first time this happened, I almost opened the file, but thankfully I noticed just in time that it was named ".mkv.lnk" and not '.mkv'. Has 1337x started relaxing their uploader criteria or something? I've never noticed this before and in the past few months it's happened at least 10 times. I've also seen .scr and .com files.
These .lnk files then open up a hidden PowerShell instance, connect to a remote C&C server and attempt to download malicious files onto your system. This is nothing new and has been a thing since forever.
Why are .lnk files even allowed? Untrusted uploaders usually can't upload .exe or .bat files, so why are they allowed to upload .lnk files? Or are their bots scraping torrents from questionable sites automatically?
Thankfully they get nuked from 1337x quite quickly, but the two torrents that Sonarr grabbed yesterday still have a lot of seeders and peers. It seems a lot of people are grabbing these torrents - how many of them are trying to open these? Especially people that don't have "show file extensions" enabled...
Honestly, 1337x is not the site it used to be. Hasn't been for the past year or two. Might be time to finally stop using them. Nowadays I source most stuff from private trackers anyways, but I still use a few public trackers like 1337x on occasion (though mostly through Sonarr/Radarr).
This is how the files look like.
If you're using qBittorrent, you can blacklist certain file extensions by enabling: Options > Downloads > 'Exclude file names'. Then paste the following in there:
*.exe
*.com
*.cmd
*.bat
*.scr
*.pif
*.lnk
*.ps1
*.msi
*.url
*.zipx
This will deselect any file with those extensions when it gets added to the client. If the torrent is added automatically through services like Sonarr and Radarr, then they won't get downloaded at all. If you're adding a torrent yourself then you just have to enable those files manually before starting the download.