You have been warned. Before you click to watch one of these movies, clips, episodes or leaked videos on your phone or PC, take a moment. It’s almost certainly an attack.
Just as ReasonLabs reported that “malicious actors leveraged [a]
number 1 box office movie, Super Mario Bros., to distribute malware,” and Google’s Mandiant that victims have downloaded “malicious ZIP files disguised as pirated movies,” Kaspersky is now warning the same. “Cybercriminals,” the team warned this week, “are exploiting the popularity of Gen Z’s favorite streaming services, films, series and anime.”
Kaspersky picked five chart-topping titles and researched the malware and phishing being peddled in their name. “Always use a legitimate, paid subscription when accessing streaming services,” Kaspersky says, You should never “click on links that promise early access to new content [or]
download unofficial versions or modified [streaming] apps.”
The risks have not changed. Back in 2020, Kaspersky looked at the best picture Oscar nominees and found the same. “Malicious files spread on the internet under the guise of copies of nominated films also provide an indication of the levels of interest toward the nominees.” Then as now, the security firm warns users “don’t click on suspicious links, such as those promising an early view of a new film.”
In March, Microsoft warned it’s not just the video links that put you at risk, as a new attack “impacted nearly one million devices globally.” That campaign “originated from illegal streaming websites embedded with malvertising redirectors, leading to an intermediary website where the user was then redirected to GitHub and two other platforms. The campaign impacted a wide range of organizations and industries, including both consumer and enterprise devices.”
The advice is simple. As ever, if it seems to be good to be true, it almost always is. Any leaked scenes or episodes or early movie releases or pirate copies carry risk. If you proceed, do not provide any information on any login page that opens. It will likely be for your Microsoft or Google account or similar. And any movie or video needs to carry a standard video extension. Not a different package name and definitely not an exe.
With so much of this content now consumed on phones, tablets and PCs, Kaspersky says “as the world of entertainment continues to evolve, so do the tactics used by cybercriminals to exploit popular content… It’s more important than ever for users to stay vigilant and understand how to protect themselves online.”