uTorrent client on official site replaced with scareware
Users that have downloaded the uTorrent software client from the uTorrent.com website on Tuesday morning are warned that they might have ended up with scareware on their computer.
According to the warning issued by BitTorrent – the company behind the Mainline/Chrysalis and the uTorrent clients – the uTorrent.com Web server has been compromised around 4:20 a.m. Pacific Daylight Time (UTC -7) on Tuesday and the website modified to serve malware instead of the uTorrent client.
The switcheroo was discovered just after 6:00 a.m., and the affected servers were immediately taken offline. They have since been cleaned up and are up and running, and so is the website.
Further investigation into the matter revealed that the malware is a fake AV/scareware variant of the “Security Shield” family. Once installed, it shows standard infection warnings and tries to make the user pay for the removal of the “found” malware.
BitTorrent has stressed the fact that only the people who have downloaded the uTorrent client from the uTorrent.com website during these two hours have been affected.
Although, to be on the safe side, I would definitely recommend to all the users that have downloaded it in the last few days to do an antivirus scan of their computers.
The company has also stated that it doesn’t think that BitTorrent.com or the BitTorrent Mainline/Chrysalis clients were part of the incident, but again – a scan couldn’t hurt.