Woburn, MA – November 10, 2021 – Today Kaspersky released a report examining malware disguised as popular streaming platforms and content. From the beginning of January 2020 through to the end of June 2021, Kaspersky products detected more than 93,000 infection attempts disguised as apps and content from the top five streaming platforms: Netflix, Disney+, Apple TV+, Amazon Prime Video and Hulu. Researchers identified The Mandalorian and Money Heist as the original shows most frequently exploited to spread malicious activity. These and other findings are revealed in the report, “Streaming-related threat landscape in 2020-2021.”

On-demand streaming content has seen rapid growth in the past two years, which was further accelerated by the pandemic. Quickly adapting to the increased demand for alternative sources of entertainment, cybercriminals saw their opportunity to take advantage of users’ eagerness to watch their favorite shows on streaming platforms, with well-known fraud schemes hitting the web. 

Kaspersky experts analyzed the top trends and key events across the entertainment-related threat landscape throughout the pandemic. Overall, Kaspersky products detected 93,095 attempts to infect 18,938 unique users with 8,650 different files from January 1, 2020, through to June 30, 2021.

The United States ranked as the third most-affected country. India ranked at the top of the list (11.37% of affected users). Users there most frequently faced malicious files while attempting to download streaming app downloaders. Algeria and the United States rounded out the TOP 3 with 8.42% and 7.41%, respectively. Amazon Prime was a popular lure in the U.S., which accounted for 55.61% of users targeted with fake Prime scams.

Netflix is not only the leading platform for membership but also the most popular streaming service used as a lure by cybercriminals. In fact, 89.93% of global affected users faced malware or unwanted software while searching for Netflix and related content.

Malware and unwanted application distribution by platform, January 1, 2020-June 30 2021

Cybercriminals are actively using streaming shows and series as bait. According to Kaspersky, almost 60% of infection attempts occurred using only two shows as a lure. The Mandalorian (28.72%) and Money Heist (28.41%), two of the world’s biggest hits in recent years, have been actively exploited by cybercriminals spreading their malicious activity. Other shows from the top five series regularly used as bait by phishers include Rick and Morty (9.69%), Peaky Blinders (9.25%) and Westworld (7.17%).

An example of a phishing page offering to stream Money Heist

“More and more users subscribe to streaming platforms to watch their favorite shows,” said Anton V. Ivanov, security expert at Kaspersky. “As this does not require downloading any files to watch the content, we’d expect that type of malicious activity to decrease. However, cybercriminals adapt quickly to new trends and come up with more relevant types of fraud. Comparing the data of 2021 to the indicators of 2020, we see that downloading malicious files under the guise of TV shows has become much less common, but this does not save users from other threats such as streaming phishing scams where cybercriminals may steal their credentials and money.”

Learn more about the threat landscape of streaming services on Securelist.

To avoid falling victim to malicious programs and scams while using streaming services, Kaspersky advises users to:

·       Check the authenticity of websites before entering personal data. Only use official, trusted web pages to watch or download movies. Double-check URL formats as well as company name spellings.

·       Use a reliable VPN service such as Kaspersky VPN Secure Connection in order to get access to regional content of various streaming platforms.

·       Use a reliable security solution, such as Kaspersky Security Cloud, that identifies malicious attachments and blocks phishing sites.

·       Avoid links promising early viewings of content. If you have any doubts about the authenticity of content, check with your entertainment provider.

·       Be wary of any deals that seem too good to be true, such as a “one-year free subscription.”

·       Whenever possible, only access streaming platforms via your own paid subscription on the official website or app from official marketplaces.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.

Media Contact

Sawyer Van Horn


(781) 503-1866

How to get away with malware: Kaspersky names the top streaming platforms and shows exploited by cybercriminals

From January 2020 through June 2021, Kaspersky detected more than 93,000 infection attempts disguised as apps and content from the top five streaming platforms
Kaspersky Logo