MAJOR UPDATE (June 11, 2026):
Adblockers across all browsers are highly inconsistent right now—sometimes working, but often failing completely against these redirects. Because this campaign is highly sophisticated, avoiding the unsafe domains and hosts listed below is strongly advised.
I want to raise awareness about a massive malware campaign hitting popular piracy sites right now.
This is actively happening on platforms like dodi-repacks[.]site, steamunderground[.]net, and the download mirrors provided by fitgirl-repacks[.]site, ovagames[.]com, and others. The main danger is that actual file-hosting services like multiup[.]io and vik1ngfile[.]site have aggressive redirect scripts built directly into their download buttons. Dodi also routes you through rogue URL shorteners like zovo[.]ink or zovo2[.]top, but the core issue across all these platforms is the infected download buttons.
If you click download and a weird domain opens, close that tab immediately and go back. Because these sites use highly aggressive script loops, the fake links might keep spawning 10+ times and completely block you from getting the real file. If you find yourself trapped in an endless loop of closing pop-ups, stop trying and switch to the Firefox method to kill the scripts entirely.
Note: Do not attempt to load or open these links; they are shown purely for identification and awareness.
The attackers insert malicious code on download host buttons, redirecting you through multiple steps before presenting a fake download page:
Clicking a legitimate host download button triggers hidden redirect script loops.
Silent redirect sequences cycle through multiple domains in a fraction of a second.
A deceptive loading/download interface tricks you into downloading a malware package.
Our community is here to support you. Ask in the Discord security channels or check with our team.
