Experts have found several phishing websites that promised to offer Oscar-nominated movies for free before the awards ceremony, but end up stealing users’ credentials

If you’ve been following our blog since a long time ago, then you’ve probably noticed how all headline-developing events are the best tool for hackers to income in. Be it the release of trendy apps, popular global events, or buzzwords that almost no one understands.

So, our goal today is to educate as many people on the latest scams to learn how to defend themselves. 

 

Oscar-nominated Movies Phishing Malware

How did it work exactly? 

And how it will work once again as the next big event gets closer?

This time, hoping to see an Oscar-nominated movie, users would be invited to visit a site that shows them the first few minutes of the movie before asking them to register to continue watching.

During registration, to confirm the country of residence, the victim is asked to enter their bank card details. After a while, the card is charged, but as expected, the movie does not continue to play.

Believe it or not, a lot of people fall into this kind of trap.

Experts have also analyzed the malicious files behind the 2021 Oscar nominees. 

As a result, the company’s researchers have found around 80 files that mimic the films that are up for Best Picture.

Analyzing the malware detected over the past year, it was found that almost 70% of malicious files are disguised as just three movies:

  • “Judas and the Black Messiah” 
  • “Promising Young Woman”
  • “The Trial of Chicago 7”. 

 

The biographical drama “Judas and the Black Messiah” was the most widely used source for spreading malicious files – malware related to this film accounts for 26% of all infected files.

For their part, “Promising Young Woman” and “Trial of the Chicago 7” closed the top three positions, with 22% and 21% respectively.

The spread of malware under the guise of popular movies is not a recent occurrence among scammers.

 

Anton V. Ivanov, a member of Kaspersky, says: 

“Cybercriminals have always tried to monetize users’ interest in various sources of entertainment, including movies.

Large film industry events may spark some interest in the cybercriminal community, but these types of malicious activity are not as popular today as they used to be.

Nowadays, more and more people are switching to streaming services, which are more secure because they do not require downloading of files.

Still, movies are a popular claim to spread phishing pages and spam emails.

  These attacks can be prevented, and users must be vigilant about the sites they visit”

 

Heather Paunet, Untangle Vice President, follows: 

“Teaching workers how to identify phishing email messages like these is just as critical as putting in spot protecting methods,” 

“As security adversaries obtain artistic new means to infiltrate networks, holding employees skilled and up-to-date is needed to bolster your network security.”

 

To avoid falling victim to malicious programs and scams, users are advised to:

 

  • Check the authenticity of websites before entering personal data and only use official websites to watch or download movies. Double-check the formats of the URLs and the spelling of the company name.

 

  • Pay attention to the extensions of the files that are downloaded. A video file will never have a .exe or .msi extension.

 

  • Avoid links that promise early viewing of content and, if in doubt about their authenticity, check with the entertainment provider.