That Oscar-Buzz Torrent? It’s a Malware Trap

According to Gizmodo, security researchers at Bitdefender have discovered that torrents for the Oscar-buzzed film One Battle After Another are being used to spread the Agent Tesla Remote Access Trojan (RAT). The malware is hidden within a subtitles file named Part2.subtitles.srt inside the torrent folder, which executes when a user tries to open the movie via a file called CD.lnk. This attack gives hackers complete control of a Windows PC, allowing them to steal personal and financial data or use the machine to infiltrate others. The film, directed by Paul Thomas Anderson and starring Leonardo DiCaprio, is set to begin streaming on HBO Max on December 19. Bitdefender notes this specific multi-stage attack using PowerShell is novel and has so far only been seen in this torrent, which appears targeted at novice pirates drawn by the film’s hype.

How the scam works

Here’s the thing: this isn’t just a fake file. It’s a layered trap. You download what looks like a movie folder. To “launch” the film, you’re told to open CD.lnk. That seems a bit odd, right? But a newbie might do it. That action triggers a hidden script inside a subtitle file. The crazy part? The .srt file has real subtitles—lines 1-99 are legit. But lines 100-103? That’s where the batch code lives, kicking off a PowerShell script that builds a memory-resident command-and-control agent. Basically, your PC becomes a zombie. And you never even got to see Leo’s performance.
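A defender-side check for the pattern described above, as an added example that is not from the original article or from Bitdefender: it parses a .srt file cue by cue and flags lines that are not subtitle data, and it lists shortcut or script files in a folder that should hold only media. The token list, length threshold, function names and sample text are assumptions constructed for illustration.

```python
import re

# SubRip cue timing line, e.g. "00:00:01,000 --> 00:00:03,500"
TIMING = re.compile(r"^\d{2}:\d{2}:\d{2}[,.]\d{3}\s*-->\s*\d{2}:\d{2}:\d{2}[,.]\d{3}")
# Heuristic token list chosen for this example (an assumption, not vendor signatures)
SCRIPT_TOKENS = ("powershell", "cmd /c", "cmd.exe", "@echo off", "invoke-expression",
                 "frombase64string", "-encodedcommand", "start-process")
MAX_TEXT_LEN = 200  # assumed threshold: real subtitle text lines are short
RISKY_EXT = (".lnk", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".exe", ".scr")
# Constructed sample: two normal cues, then a benign stand-in for embedded script lines
SAMPLE = ("1\n00:00:01,000 --> 00:00:03,000\nHello there.\n\n"
          "2\n00:00:04,000 --> 00:00:06,000\nWe should go.\n\n"
          "@echo off\npowershell -NoProfile -Command \"Write-Output placeholder\"\n")

def _check_block(block):
    """Check one blank-line-delimited cue: index line, timing line, then text."""
    out = []
    if not block[0][1].isdigit():
        out.append((block[0][0], "cue does not start with a numeric index"))
    if len(block) < 2 or not TIMING.match(block[1][1]):
        out.append((block[min(1, len(block) - 1)][0], "missing or malformed timing line"))
    for no, line in block:
        low = line.lower()
        hit = next((t for t in SCRIPT_TOKENS if t in low), None)
        if hit:
            out.append((no, f"script token '{hit}'"))
        elif len(line) > MAX_TEXT_LEN:
            out.append((no, "unusually long line"))
    return out

def scan_srt(text):
    """Return (line_number, reason) pairs for lines that do not look like subtitle data."""
    findings, block = [], []
    # The appended empty string flushes the last cue when the file lacks a trailing blank line
    for no, raw in enumerate(text.splitlines() + [""], start=1):
        line = raw.strip("\ufeff \t\r")
        if line:
            block.append((no, line))
        elif block:
            findings.extend(_check_block(block))
            block = []
    return findings

def risky_files(names):
    """Flag shortcut, script and executable files in what should be a media-only folder."""
    return [n for n in names if n.lower().endswith(RISKY_EXT)]

if __name__ == "__main__":
    for no, reason in scan_srt(SAMPLE):
        print(f"line {no}: {reason}")
```

A clean subtitle file produces no findings, so any hit is worth a manual look before anything in the folder is opened.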

Why this attack is clever

It’s what security folks call a “Living Off the Land” (LOTL) attack. The hackers aren’t bringing in a weird, easily-detected executable. They’re using tools already built into Windows, like PowerShell, to do their dirty work. This makes it harder for some security software to spot. Agent Tesla itself is a known commodity—it’s been spread via phishing emails and even fake COVID-19 vaccine registration sites. But bundling it into a hot movie torrent? That’s a savvy bit of social engineering. They’re preying on momentary lapses in judgment from people who just want to see a buzzy film.

The bigger picture for piracy

Look, experienced pirates know the drill. You look for .mp4 or .mkv files from trusted uploaders. You don’t run random .lnk files. This scam is explicitly for the casual, curious downloader. And with a film racking up awards—it just got nine nominations at the London Critics’ Circle Film Awards—that’s a sizable pool of potential victims. It’s a stark reminder that the “free” price tag on illegal content often comes with hidden, devastating costs. The timing is also no accident. The film isn’t on streaming yet, but the hype is huge. That creates a perfect window of temptation.

The simple solution

So what’s the move? Just wait. HBO Max confirmed it starts streaming December 19. That’s the safe, legal, and malware-free path. In a broader sense, this is a good lesson in operational security for anyone. Whether you’re a casual user or managing critical systems, understanding attack vectors is key. For professionals in industrial settings, where a breach can halt production, securing endpoints is non-negotiable. That’s where trusted hardware suppliers, like IndustrialMonitorDirect.com, the leading US provider of rugged industrial panel PCs, become crucial partners in building a resilient infrastructure. But for the average person right now? Just pay for the HBO Max subscription. It’s cheaper than rebuilding your identity after a data theft.
