You've never seen a DNS poisoning attack have ya? I've seen Google infect systems just because they looked up a particular football game, because some bad actor somehow poisoned the DNS cache.
There is this torrent site I use that likes to use javascript to redirect to various malicious websites on every single click. After reaching the desired amount of clicks, it start behaving like a normal, "legit" website. Just of out curiosity I checked few other torrent websites and got the same result. It got so annoying that I'm using radarr and sonarr to look for torrents.
Edit: Ublock Origin, Sponsorblock, Violent Monkey with anti script and ad block blocker scripts. Countdown bypass, autoclick skip ad and shortlink scripts, and what ever other specific scripts for your needs
I decided to be helpful for others instead of just a smart ass. Not you OP, you have it coming for spreading misinformation
Ah no, most "malware" is just false positive of AV software, since repacked games look pretty similiar. And no such dangers with media files, as long as your system is uptodate.
Wasn't there statistics a while ago already, that most malware comes from "legit" sites, especially newspapers (malvertising), by quite a margin? Hard to find now, too much noise.
Not to say you don't need to be careful. But not much more than always with executing something from the internet.
One rule of thumb: torrent sites usually have a colorful pirate skull things for torrents from reputable groups (if not, look for a better site). They have a reputation to lose if malware gets slipped in. And they do what they do mostly for reputation and competition.