Torrent and peer-to-peer software has been hugely popular since it burst into the public eye in the early 2000’s. Since then, clients like BitTorrent and UTorrent can be found on millions of computers around the world.
However, this is one case where there really isn’t safety in numbers. Torrent and peer to peer file sharing clients are in a class of software called riskware, a grey-area between legitimate software and potentially unwanted or harmful malware.
Beyond the murky legal implications of copyright violations, these services can also seriously jeopardise your internet security – and it’s not just accidental trojans you need to worry about.
Risk One: The Client Itself
The newest versions of many BitTorrent-based clients can open ports on your machine to other peers on the network, or their updates can be intercepted and replaced with nasty fake versions.
This was shown in 2016 when MacOS users of the Transmission torrent client fell prey to a malicious fake updated version of the app. The resulting infection stole credentials stored in OS X’s Keychain app, leading to many data breaches of the victims’ online accounts.
The client may also leave certain ports open by default, so checking the default settings and placing limits on which folders are shared can be a saving grace.
Additionally, many clients run constantly in the background. Unless you’re actively downloading or seeding a torrent, exiting your client completely is often a more secure strategy.
Risk Two: Silent Installs
When you’re installing a torrent client, you might be getting a little more than you bargained for. In 2015, users of the popular MicroTorrent client found that Bitcoin mining software had also been installed without their knowledge.
Additionally, other popular torrent software comes bundled with potentially irritating adware such as junk registry cleaning tools, unwanted search toolbars, as well as other bloatware.
These can jeopardise your privacy by “phoning home” and sharing your browsing information with advertisers, not to mention weigh down your machine with endless popup notifications.
During the installation process, ensure you read carefully which checkboxes are ticked, or opt for lighter clients that don’t include other bundled software.
Risk Three: Downloading Malware
Possibly your biggest threat when downloading your torrent is opening the finished product. Torrents often come from untrustworthy or even illegal sources, and as such can be highly unpredictable.
A torrent sharer might seem to be posting a high-quality DVD rip of a new blockbuster, while covertly building a botnet full of thousands of infected computers. For example, a full version of Adobe’s new suite might actually be a trojan or even ransomware laying in wait.
This was certainly the case with the Win32.Sathurbot backdoor trojan in April 2017, when thousands of devices were added to a botnet that crawled the Internet for vulnerable WordPress admin accounts.
The trojan often billed itself as a popular movie or software package, letting unwitting users install it by mistake. As such, these infected torrents ended up being well-seeded and appearing legitimate to the average user.
By keeping these risks in mind, you can avoid the worst features that torrent software has to offer. If the benefits outweigh the risks and you simply must use a torrent client, keep your settings tight and your skeptical senses intact when you navigate the often-shady world of peer to peer file sharing.