You can theoretically get a virus from interacting with any file, including video files. It’s just less likely. Take for instance, a 2020 VLC vulnerability:
Imagine if you were using an outdated apple device in 2021, and downloaded a maliciously created .avi video file from a reputable torrent site, and ran the video in VLC. An attacker could use this buffer overflow and infect your computer without you even knowing. And of course, a system like “Virustotal” would be completely unable to stop this.
The FBI once used a media player vulnerability to run arbitrary code to deanonymyze a sextortionist and terrorist, but this costed them 100,000$. Media file exploits, like the one mentioned above, are precious and powerful, but made mostly useless upon discovery, and are usually disclosed by security researchers so they can be fixed, or sold on exploit markets for tens of thousands for advanced hacker groups or intel agencies to use on specific targets.
Such vulnerabilities also are discovered for basic image files - you could theoretically get infected by an image loaded in your browser. This kind of attack could theoretically be used by a power adversary to infect targeted individuals by serving them ads with infected images, without the user even clicking on it, and while they’re on reputable websites.
Running and processing any file carries an amount of risk, and requires a level of trusting the sender of the file.
Its true that you should be wary of “Free” products, but in the case of torrenting, the expectation is that you also help share the file, since they were so kind to share it to you. Its like a commune. Some torrenting communities only allow people who can prove that they’ve been good internet citizens and also help seed files.
This is incredibly subjective, but I would say “extremely safe”, as long as you are only running video files, and not excutables disguised as media files (like the infamous "music.mp4.exe trick).
Here’s what you can do:
-
Keep your computer up to date. Updating patches known security vulnerabilities. It is extremely, extremely unlikely that a threat actor would burn a new undisclosed vulnerability for a media player on random torrenters. But someone just might distribute old vulnerabilities to catch those who haven’t updated their PCs, because this costs much less effort.
-
Be aware of which file extensions are media files and assume anything that seems “rare” is a sort of executable.
-
Disable hiding file extensions in your file browser, you should see the full name of any file you’re running.
-
If you’re really paranoid, you can just torrent on a disposable linux VM. But this is probably unnecessary, as long as you’re running media files only (not executables), and keeping your computer up-to-date.