Fake Leonardo DiCaprio movie torrent injecting malware globally ahead of Christmas 2025

Just like any other festival, holiday week or seasonal shopping spree, the Christmas 2025 holiday season, which is around the corner, is witnessing cyber criminals injecting fileless malware under the guise of fake movie torrents. A notable example is Leonardo DiCaprio's film One Battle After Another.

The malicious campaign is linked to fake versions of popular films circulating on torrent, raising concerns about the risks associated with downloading unauthorised content.

What is fake Leonardo DiCaprio movie torrent injecting malware? 

Cybersecurity firm Bitdefender brought to light the issue, stating that this fake torrent of Leonardo DiCaprio's film 'One Battle After Another' has been used to deploy the Agent Tesla remote access trojan. It explained that users may perceive the malware as a legitimate movie file, but instead, they are unintentionally installing malware on their systems.

This campaign utilises fileless infection techniques, executing malicious payloads entirely in memory without writing files to a system’s storage.

The torrent comprises obfuscated scripts. Once opened, they trigger a multi-stage execution chain using tools like PowerShell.

These methods help the malware avoid being detected and leave minimal forensic traces.

Once activated, Agent Tesla grants attackers remote control over the device, enabling them to steal sensitive information such as passwords, financial data, and login credentials. The worst part is that such infected machines can also be incorporated into larger botnets for future attacks.

Security experts emphasise that downloading pirated media poses grave risks, particularly during the holiday season when high-profile films attract millions of viewers.

This widely spread tragedy is part of a trend where threat actors use entertainment-related tactics to victimise internet users.