December 19, 2019

The sky-rise of droppers: phishing and malware attacks surface amid premiere of famous space saga

Kaspersky researchers find over 30 fraudulent websites and social media profiles disguised as official movie accounts

Woburn, MA – December 19, 2019 – Popular films are often used by cybercriminals as bait to distribute malware, and the latest movie saga from ‘a galaxy far, far away’ is no exception. According to research from Kaspersky, the latest and final film of the trilogy has drawn the attention of attackers even before the premiere, with fraudulent websites and malicious files of the yet-to-be-released film flooding the web.

Films are one of the main forms of entertainment users seek to access for free, which creates fertile soil for cyberattacks. Online streaming, torrents and other methods of digital distribution often infringe upon content copyright, and yet they remain popular as a source of free content. Torrent-trackers and illegal streaming platforms pose a threat to users’ cyber-safety, since they can host malicious files, masked behind the name of movie files. Given this tendency, Kaspersky studied how the world-famous sci-fi franchise’s name is being abused by cybercriminals in order to fool fans.

Public attention on “Star Wars: The Rise of Skywalker,” which premieres December 19, is already attracting cybercriminals. Kaspersky researchers found over 30 fraudulent websites and social media profiles disguised as official movie accounts (the actual number of these sites may be much higher) that supposedly distribute free copies of the latest film in the franchise. These websites collect unwary users’ credit card data, under the pretense of necessary registration on the portal.

The domains of websites used for gathering personal data and spreading malicious files usually copy the official name of the film and provide thorough descriptions and supporting content, thereby fooling users into believing that the website is, in some way, connected to the official film. Such practice is called “black SEO,” which enables criminals to promote phishing websites high up in search engine results (such results often show up for search terms such as ‘name-of-the-film watch free’).

To further support the promotion of fraudulent websites, cybercriminals also set up Twitter and other social media accounts, where they distribute links to the content. Coupled with malicious files shared on torrents, this brings the criminals results. So far, 83 users have already been affected by 65 malicious files disguised as copies of the upcoming movie.

star-wars-1.png

Screenshot of a phishing website set up to look like an official film website

star-wars-1.png

Screenshot of a fake space-saga account on Twitter distributing malware-ridden files

Phishing is not the only way cybercriminals tend to utilize popular film franchises. Just as with popular TV shows, they often disguise malicious programs as yet another episode of the story. In 2019, Kaspersky detected 285,103 attempts to infect 37,772 users seeking to watch movies of the renowned space-opera series, a 10% rise compared to last year. The number of unique files used to target the users amounted to 11,499, a 30% drop from last year.

“Star Wars”-themed malware attacks

 

2018

2019

Change

Attacks detected

257,580

285,103

+10%

Number of unique files

16,395

11,499

-30%

Users targeted

50,196

37,772

-25%

 

“It is typical for fraudsters and cybercriminals to try to capitalize on popular topics, and ‘Star Wars’ is a good example of such a theme this month,” said Tatiana Sidorina, security researcher at Kaspersky. As attackers manage to push malicious websites and content up in the search results, fans need to remain cautious at all times. We advise users to not fall for such scams and instead enjoy the end of the saga on the big screen.”

To avoid falling victim to malicious programs pretending to be popular films or TV shows, Kaspersky recommends taking the following steps:

  • Pay attention to the official movie release dates in theaters, on streaming services, TV, DVD, or other sources
  • Don’t click on suspicious links, such as those promising an early view of a new film
  • Look at the downloaded file extension. Even if you are going to download a video file from a source you consider trusted and legitimate, the file should have an .avi, .mkv or .mp4 extension, among other video formats, definitely not .exe
  • Check the website’s authenticity. Do not visit websites allowing you to watch a movie until you are sure that they are legitimate and start with ‘https.’ Confirm that the website is genuine by double-checking the format of the URL or the spelling of the company name, reading reviews about it and checking the domains’ registation data before starting downloads
  • Use a reliable security solution, such as Kaspersky Security Cloud, for comprehensive protection from a wide range of threats

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at https://usa.kaspersky.com.

Media Contact:

Sawyer Van Horn
781.503.1866
sawyer.vanhorn@kaspersky.com

Related Articles Press Releases