Google Chrome and Mozilla Firefox users visiting popular torrent site Kickass Torrents (KAT) are seeing a malware warning today. Whether you’re going to http://kat.cr or https://kat.cr, you’ll get a message cautioning you to go no further.
This issue only affects those browsers because Google’s Safe Browsing is flagging the site. The service powers similar security features in Chrome and Firefox.
The warnings are a bit different depending on the browser you’re using, but the gist is the same. Chrome users are told that “Attackers on kat.cr might attempt to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit).”
Firefox users are told that “This web page at kat.cr has been reported to contain unwanted software and has been blocked based on your security preferences.”
Chrome users can get around this message by clicking Details and then “Visit this site,” while Firefox users can click “Ignore this warning.” You should only do this at your own risk.
What is the current listing status for kat.cr?
Site is listed as suspicious – visiting this web site may harm your computer.
What happened when Google visited this site?
Of the 6582 pages we tested on the site over the past 90 days, 104 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2015-10-08, and the last time suspicious content was found on this site was on 2015-10-08.
Malicious software includes 2 trojan(s), 1 exploit(s). Successful infection resulted in an average of 2 new process(es) on the target machine.
Malicious software is hosted on 2 domain(s), including downloadnet1004.com/, adventuredistricthotels.com/.
20 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including ato.mx/, adk2.co/, chlcotrk.com/.
This site was hosted on 12 network(s) including AS10929 (NETELLIGENT), AS15169 (GOOGLE), AS41390 (RN-DATA-LV).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, kat.cr did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
In short, either some of Kickass Torrents’ pages are hosting malware, or Google is incorrectly detecting such. This problem usually occurs when an ad network becomes compromised and starts serving malicious ads, though, because sites often use multiple advertising networks, some specific to certain regions, not all users are always affected.
Indeed, the KAT team has told TorrentFreak that “the bad advertiser has been removed.” I have contacted Google about such issues in the past, only to be told the company doesn’t comment on individual sites. This problem will be resolved by itself, but it may take a few hours (or even days, given that it’s a Friday) for that to happen.