Kaspersky reveals hidden threats in top films and TV shows

The first big TV event of the 2021 awards season started this past Sunday with the 78th annual Golden Globes. However, TV shows and films are not only sources of entertainment but also an attractive lure for cybercriminals to spread threats, phishing pages and spam letters. As a result, in the lead up to such an important industry event, it has become a source of interest for cinephiles, film buffs, scammers and fraudsters alike.

To get a clearer picture of how cybercriminals try to monetise viewers’ interests, Kaspersky experts have analysed malicious files behind nominated films as well as movie-related phishing websites designed to steal users’ credentials.

The Best Picture nominees studied:

• Borat Subsequent Moviefilm
• Emily in Paris
• Ozark
• Palm Springs
• Ratched
• The Crown
• The Mandalorian
• The Queen’s Gambit
• The Trial of the Chicago 7
• Unorthodox

During the first three weeks of January, we observed that 275 users were subjected to infection attempts using files with various threats disguised as best picture nominees. Kaspersky researchers found that “The Mandalorian” was the most popular bait among cybercriminals, accounting for 68% of the infections. Netflix’s hit series “The Queen’s Gambit” was second in this rating with 11% of infected users and “Ozark” completed the top three with 6% of users.

By 21 February, Kaspersky researchers had discovered that the number of users targeted with malware associated with nominated films and series’ had decreased by almost three times compared to the previous month. “The Mandalorian” remained the most targeted feature, while “The Queen’s Gambit” remained in second place. However, there were changes in the percentages of targeted users – 33% and 19% respectively. This means that for the same period in February the number of infections guised by “The Mandalorian” decreased by six times. At the same time, while “Ozark” viewers were safer, cybercriminals’ interest in “Palm Springs” increased and the number of infections increased by three.

Kaspersky experts also found a number of phishing websites designed to steal viewers’ credentials. Some of them offer to enter bank card details to confirm that the user is located in the exact region where the web resource is licensed to distribute content. Others just redirect to third-party resources. In either scenario, the user is deceived with their data leaked and credentials stolen.

An example of a phishing website related to nominees

“Films and TV series’ have always been popular baits to spread threats and perform phishing campaigns. However, today we see that cybercriminals have shifted their attention from the film industry. Instead, we discover some interest from threat actors around the most popular shows at that moment, like “The Mandalorian”. It appears that this great show attracts not only viewers around the world but also cybercriminal interest,” comments Kaspersky security expert Anton V. Ivanov.

In order to avoid falling victim to a scam, Kaspersky advises users to:

• Check the authenticity of websites before entering personal data and use only verified webpages to watch films, series and shows. Double-check URL formats and company name spellings.
• Pay attention to the extensions of the files that you are downloading. A video file will never have an .exe or .msi extension.
• Use a reliable security solution Kaspersky Security Cloud that identifies malicious attachments and blocks phishing sites.
• Avoid links promising early viewings of content, and if you have any doubt about the authenticity of content check it with your entertainment provider.