Phishers hunt fans of the latest Star Wars movie
According to Kaspersky, 83 users have already been hit by 65 malicious files, disguised as copies of Star Wars: The Rise of Skywalker.
Video: 3 leadership lessons from Star Wars
TechRepublic has overtaken Trey Grayson, the former Secretary of State of Kentucky and current CEO of the Northern KY Chamber of Commerce, about what business leaders can learn from Star Wars.
May the Force be with you when Star Wars: The Rise or Skywalker goes to theaters.
Researchers from cyber security company Kaspersky have found 65 malicious files disguised as copies of the latest and latest film in the trilogy. They have also found more than 30
phishing
sites and social media profiles disguised as official film accounts that supposedly distribute free copies of the film, Kaspersky said.
SEE: Star Wars: The Rise of Skywalker review – Everything you could ask for except the heart (CNET)
In addition to distributing malicious files, the sites often collect credit card information, under the guise of necessary registration on the portal, according to Kaspersky.
Hype about the film franchise has been feeding this problem for much of the year, the company said. In general, Kaspersky researchers discovered 285,103 attempts to infect 37,772 users trying to watch Star Wars movies in 2019; an increase of 10% compared to 2018.
Films have become a fertile ground for cyber attacks because they are one of the most important forms of entertainment that users try to reach for free, Kaspersky said. Online streaming, torrents and other digital distribution methods often infringe copyright on content, and yet they remain a popular source of free content.
Torrent trackers and illegal streaming platforms pose a threat to users’ cyber security because they can host malicious files, masked by the name of movie files to fool fans, according to Kaspersky.
How the process fools fans
The process works by copying the official name of a movie and providing thorough descriptions and supporting content. Next, a cyber attacker creates domains of websites that are used to collect personal data, distribute malicious files, and make users believe that the website is somehow connected to the official movie.
This practice, known as ‘black SEO’, enables criminals to promote phishing websites high in the search results. These results often appear for search terms such as “watch the movie’s name for free,” Kaspersky said.
To further support the promotion of fraudulent websites, cyber criminals also set up Twitter and other social media accounts, where they distribute links to the content. Combined with malicious files that are shared on torrents, this results in the results of the criminals, the company said.
So far, 83 users have been hit by 65 malicious files, disguised as copies of the upcoming movie, Kaspersky said.
“It’s typical for fraudsters and cyber criminals to try to take advantage of popular topics, and” Star Wars “is a good example of such a theme this month,” said Tatiana Sidorina, security researcher at Kaspersky, in a statement. “Because attackers succeed in pushing up malicious websites and content in search results, fans must remain cautious at all times. We advise users not to fall for such scams and instead enjoy the end of the big screen saga “
Tips to prevent you from becoming a victim
Kaspersky recommends the following steps to prevent you from becoming a victim of malicious programs that occur as popular movies or TV shows:
- Pay attention to the official release dates of films in theaters, on streaming services, TV, DVD or other sources
- Do not click on suspicious links, such as those that promise an early view of a new movie.
- View the downloaded file extension. Even if you are going to download a video file from a source that you consider reliable and legitimate, the file must have the extension .avi, .mkv or .mp4, along with other video formats, certainly not .exe.
- Check the authenticity of the website. Do not visit websites where you can watch a movie until you are sure that they are legitimate and start with ‘https’. Confirm that the website is genuine by checking the format of the URL or the spelling of the company name, reading reviews about it, and checking the domain registration information before you start downloads.
- Use a reliable security solution for comprehensive protection against a wide range of threats.
Cyber Security Insider Newsletter
Strengthen the IT security of your organization by staying up to date with the latest news, solutions and best practices for cyber security.
Delivered on Tuesday and Thursday
Register today
Also see
Image: Walt Disney Studios