Researchers from Google working in Project Zero have recently announced a major vulnerability discovered in the Windows version of the uTorrent and uTorrent Web applications, which allows cybercriminals to download arbitrary code onto our computers. The attack can be used to both encrypt files and install an application that extracts cryptocurrencies. Fortunately, the uTorrent developers have already prepared the appropriate updates with security fixes.
uTorrent is the most popular client of the p2p network called torrent, which is used, among other things, to download Linux distributions. Of course, many people use this network also to distribute pirated material. Therefore, cybercriminals do not have to bother to perform an effective attack. The only thing they have to do is to prepare a properly crafted website that will be visited by a person seeking illegal materials. The victim of the attack does not even have to download any file so that the visited site takes control of the key functions of the uTorrent and uTorrent Web applications. The vulnerability not only allows you to view the list of recent files, but also to discreetly download malicious code and placing it in the Startup directory.
Users of uTorrent or uTorrent Web should install available updates as soon as possible.
Fortunately, more and more people are putting their computers to sleep, rather than turning them off completely. Therefore, the vulnerability discovered should not cause too much damage. However, for precaution you should check if there are any suspicious files on your computers in Startup directory. The next step is, of course, the installation of released updates. Discovered vulnerability was fixed in uTorrent/BitTorrent 126.96.36.199352 and uTorrent Web 0.12.0.502.
Source: Ars Technica