Users of Google Chrome and Mozilla Firefox who visit the popular torrent site Kickass Torrents (CAT) will come in front of a security warning. The warning appears in all domains (http://kat.cr or https://kat.cr) and reports that they distribute malware.
This issue affects only the two browsers we mentioned as Google's Safe Browsing blocked the site.
The warnings are slightly different, depending on the browser you are using, but the substance is the same.
Chrome users see this:
"Attackers on kat.cr may try to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or displaying additional ads on websites you visit)."
Firefox users, on the other hand, see the following warning in Kickass Torrents:
"This website at kat.cr has been reported to contain unwanted software and has been blocked based on your security preferences."
Of course if you want to visit the Kickass Torrents website and use Chrome click on Details and then "visit the site" while if you are using Firefox click on "Ignore this warning."
All this at your own risk.
The Google Diagnostic Report states:
Current registration status for kat.cr?
This site is reported as suspicious and visiting this site may harm your computer.What happened when Google visited this site?
From the 6582 pages we reviewed on the site in the last 90 days, the 104 page (s) brought malicious software results that can be installed without the user's consent. The last time Google visited this site was 08.10.2015, and the last time suspicious content on this site was found on 08.10.2015.
Malicious software includes 2 trojan (s), 1 exploit (s). Successful infection caused on average 2 new processes on the target machine.Malicious software is hosted on 2 domains, downloadnet1004.com/ and adventuredistricthotels.com/.
20 domains appear to be acting as intermediaries for distributing malware to visitors of this site, including ato.mx/, adk2.co/, chlcotrk.com/.
This site was hosted on 12 networks, including AS10929 (NETELLIGENT), AS15169 (Google), AS41390 (RN-DATA-LV).
In the last 90 days, kat.cr does not appear to act as a mediator for infecting any site.
Has this site hosted malware?
No, this site has not hijacked malicious software in the last 90 days.In some cases, third parties can add malicious code to legitimate websites, which causes the warning message to appear.
In short, some of the Kickass Torrents pages host malicious software, or Google is mistakenly detected as malicious. This issue typically occurs when an ad network is violated and it starts serving malicious ads.
Indeed, the KAT team told TorrentFreak that "the malicious advertiser has been removed."