Torrent Uploader ‘CracksNow’ Apologizes For Ransomware

All know that downloading movies and software from the torrent network could infect your computer with malware, but what is more heartbreaking is when you see a popular, and trusted file uploader facilitates the process.

The trusted and popular software cracks/keygens uploader for many torrent sites “CracksNow,” has now been banned from several torrent sites after it was found dispensing the malware bundled with his uploads.

According to TorrentFreak, many downloaders complained that the files they downloaded, through CracksNow on torrents, contained ransomware and other malware that can damage the computers.

Nevertheless, CracksNow has denied uploading any torrents with ransomware attached to it. They say their accounts at various torrent sites were compromised. While they take full responsibility, they claim that there was no malicious intent on his part. In the meantime, CracksNow’s own site was hacked this week.

Scammers are constantly trying to trick torrent users, and this has been on for so long. So it is no secret that criminals will try to fudge downloaders to get their way into the user’s system. It can be easily spotted, as are immediately removed from sites.

But, it all changes when a popular uploader with a “trusted’ status on some torrent sites is labeled to carry ransomware. Cracksnow was informed about the malware, and they had been banned from several sites after posting torrents with ransomware.

While being informed a decade before, and they didn’t do much to contain such malicious activity raised few eyebrows. A popular uploader ‘going rogue’ was not something that anybody anticipated. Though CracksNow claimed that there was no malicious intent on his part, but experts believe that it is impossible that they didn’t know it for so long, and attribute it to the fact about declining torrent community, and the desperation to cash in on the opportunity.

CracksNow says “I had a person who checked all the files for malware before they were uploaded. All the files were run in a sandbox and were dynamically analyzed for malware.”

When the malware reports kept coming in, resulting in bans for the uploader, the files were checked again. That’s when he noticed that some uploads were different.

“When I was demoted on TorrentGalaxy, I was testing all the files again for malware to see which torrents were infected. During my testing, I discovered that the info hash of the torrent file on my server was different from those on the torrent sites.”

An admin at TorrentGalaxy shared some of the account logs which revealed that CracksNow torrents were being deleted and replaced with new files. These newer files, presumably uploaded by someone else, came with the ransomware which caused all the trouble.

TorrentFreak reached out to TorrentGalaxy admin LRS, who confirmed that the site logs indeed showed that torrents were deleted and reuploaded.

However, by then the damage had already been done. After an admin at 1337x helped TorrentGalaxy by pointing out the ransomware issues, both sites banned the CracksNow account.

The upload irregularities could mean that CracksNow’s accounts were compromised by an outsider. While this is impossible to verify independently, it sounds like a plausible explanation.

The uploader has no idea how someone managed to get his credentials but he doesn’t want to hide behind any excuses either. Even if someone else uploaded the malware, CracksNow takes full responsibility for what happened.

“It’s my responsibility to keep my account secure and I failed in that. A lot of users who trusted CracksNow got infected and got their files encrypted. I feel really bad about this and I am sorry to everyone who got infected,” CracksNow says.

The result is that the uploader lost his accounts with thousands of torrents at several popular sites, but he understands this as well. There was no way to check which uploads were infected, so deleting everything was the logical option.

“I fully support the decision. All the torrents should be deleted so that nobody else gets infected. I don’t want anyone to get infected because of me. The damage done to the reputation of CracksNow is irreversible. I will never be able to upload on the torrent sites again and I understand that.”

The uploader can breathe a sigh of relief that his own website is still up there, though it was hacked last week. But, Google’s ominous red warning is looming large and showing up in many web browsers.

This article is just a piece of our analysis based on the different reports and stories found on the internet. We are not passing any judgment, but only trying to caution our readers at hackercombat to be careful when they download files and moves from the Internet. It’s better to be safe than sorry.