Attackers are exploiting the hype surrounding this year’s Oscar Best Picture nominated movies to infect fans with malware and to bait them to phishing websites designed to steal sensitive info such as credit card details and personal information.
This method is the perfect way to get around movie fans’ defenses seeing that many of them are willing to take down their defenses for a chance to get a free preview, especially given that the 92nd Academy Awards ceremonies are just around the corner on February 9th.
High-profile TV shows and films are frequently used as lures in social engineering attacks promising early previews either in the form of fake streaming sites or via malicious files disguised as early released copies.
Over 20 phishing sites use Oscar baits
Kaspersky researchers who discovered these ongoing attacks “found more than 20 phishing websites and 925 malicious files that were presented as free movies, only to attack the user.”
“The uncovered phishing websites and Twitter accounts gather users’ data and prompt them to carry out a variety of tasks in order to gain access to the desired film,” a press release published today says.
“These can vary from taking a survey and sharing personal details, to installing adware or even giving up credit card details. Needless to say, at the end of the process, the user does not get the content.”
To promote their malicious sites, the attackers make use of Twitter accounts that share links to streaming websites that promise access to the movies for free or for a small fee.
The researchers also discovered that ‘Joker’ was the most popular movie to use as a malware lure among threat actors with over 300 malicious files being camouflaged as a Joker preview.
“‘1917’ was second in this rating with 215 malicious files, and ‘The Irishman’ was third with 179 files. Korean film ‘Parasite’ did not have any malicious activity associated with it,” Kaspersky also found.
Movie fans urged to proceed with caution
“Cybercriminals aren’t exactly tied to the dates of film premieres, as they are not really distributing any content except for malicious data,” Kaspersky malware analyst Anton Ivanov said.
“However, as they always prey on something when it becomes a hot trend, they depend on users’ demand and actual file availability.
To avoid being tricked by criminals, stick to legal streaming platforms and subscriptions to ensure you can enjoy a nice evening in front of the TV without having to worry about any threats.”
To dodge incoming attacks that camouflage malware as Oscar Best Picture Nominees or use them as phishing bait, Kaspersky recommends movie fans to follow these guidelines:
• Pay attention to the official movie release dates in theaters, on streaming services, TV, DVD, or other sources
• Don’t click on suspicious links, such as those promising an early view of a new film; check movie release dates in theaters and keep track of them
• Look at the downloaded file extension. Even if you are going to download a video file from a source you consider trusted and legitimate, the file should have a .avi, .mkv or .mp4 extension, or other video formats; definitely not .exe
• Check the website’s authenticity. Do not visit websites allowing you to watch a movie until you are sure that they are legitimate and start with https. Confirm that the website is genuine, by double-checking the format of the URL or the spelling of the company name, reading reviews about it and checking the domain’s registration data before starting downloads
• Use a reliable security solution, such as Kaspersky Security Cloud, for comprehensive protection from a wide range of threats
More information about the adoption of Oscar best picture nominees as a phishing bait based on their theatrical or Netflix release is available in Kaspersky’s press release.