Google Chrome and Mozilla Firefox users visiting popular torrent site KickassTorrents (KAT) have been seeing a malware warning since yesterday, similar to the warning they received on the site back in October 2015. Navigating to both http://kat.cr and https://kat.cr results in a message cautioning you to go no further (“Deceptive site ahead” in Chrome and “Reported Web Forgery!” in Firefox).
This issue only affects those browsers because Google’s Safe Browsing is flagging the site. The service powers similar security features in Chrome and Firefox.
The warnings are a bit different depending on the browser you’re using, but the gist is the same. Chrome users are told that “Attackers on kat.cr may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards).”
Firefox users are told, “This web page at kat.cr has been reported as a web forgery and has been blocked based on your security preferences.”
Chrome users can get around this message by clicking Details and then “visit this unsafe site,” while Firefox users can click “Ignore this warning.” You should only do this if you’re comfortable with KAT’s claim that the security issue has been fixed.
kat.cr contains deceptive content.
Don’t panic. Users sometimes post bad content on websites that are normally safe. Safe Browsing will update the safety status once the webmaster has cleaned up the bad content.
This problem usually occurs when an ad network is compromised and starts serving malicious ads. Because sites often use multiple advertising networks, some specific to certain regions, not all users are always affected. In short, at least one of Kickass Torrents’ pages is hosting malware, according to Google.
The KAT team has told TorrentFreak that the culprit has been discovered: “In order to improve users security we are wrapping every external link in confirmation window and this time Google alert is referring to a wrapped link that has been posted in our community. We’ve blocked that site thus rendering those external links unusable. We’ve reported it to Google and expecting this security alert soon to be lifted.”
While KAT says it has addressed the problem on its end, it may take hours (or even days) for the change to trickle down to Google’s Safe Browsing service.