There are some torrrents showing up with .lnkextension (ex: movie.mp3.lnk, tvshow.mkv.lnk…) and automated software (Sonarr, Radarr, Lidarr, qBittorrent RSS Downloader) could pick those torrents (but not import).

These (fake) torrents include a .lnk file that executes a script on your Windows


HOW TO exclude from download on qBittorrent.

  • Go to Options -> Downloads

  • Enable “Exclude file names”

  • Add patterns:

(one by line)

*.mp4.lnk  
*.mp3.lnk  
*.mkv.lnk
*.torrent.lnk 

Or exclude all together: *.lnk


Example on VirusTotal https://www.virustotal.com/gui/file/e74f64df6ebaf3a1b6e3f42591eb6e87d2ac2828eb5a99fd8d3d82c140137fc9/detection

  • Lojcs@lemm.ee
    link
    fedilink
    English
    arrow-up
    3
    ·
    3 months ago

    How is the link file executing malware? Can you put any shell script as the target?

    • wizardbeard@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      3 months ago

      You can put the script itself as the link. Shortcut to: powershell -command “Write-Host ‘Gonna pwn your shit’”