News
The amazing malware: fraudsters spread their webs, abusing new superhero movie
December 2021 by Kaspersky
The latest film about our friendly neighborhood Spider-Man, entitled ‘No Way Home’, hit the cinemas on the 15th December. It has become a juggernaut of hype and speculation, especially since the premiere of its trailer featuring old faces. With the excitement surrounding the release of the newest Spider-Man film, the inattention of thrilled viewers is being abused by cybercriminals. The premiere of ‘No Way Home’ is no exception but an attractive lure to spread threats and phishing pages.
Kaspersky researchers observed intensified activity from fraudsters ahead of the film’s premiere and found numerous examples of phishing websites set up to steal viewers’ bank details. To watch the new superhero film ahead of the premiere, people were asked to register and enter their credit card information. After that, money was debited from their card and payment data gleaned by cybercriminals, but no early viewing of the film was available.
Fraudsters are tricking viewers into entering bank card details
Superhero movies have always attracted a lot of attention from fans, so their trailers are especially scrutinised. There are tons of speculation and rumors floating around the internet regarding ‘No Way Home’. For example, reports are running rampant that Tobey Maguire and Andrew Garfield are both returning as Spider-Man from their respective films. Even though there is no concrete evidence that they will, fans have already created their own theories. To boost interest in the phishing pages, fraudsters do not use official posters from the film, but rather fan art featuring all the Spider-Man actors. With such posters, cybercriminals want to attract more attention from fans.
An example of a phishing website offering to stream ‘No Way Home’ with fan art as the poster
A lot of users attempted not only to watch the long-awaited premiere of ‘No Way Home’ online but also to download it. Needless to say, under the disguise of the new movie are hidden malicious files. In most cases analysed, Kaspersky researchers discovered Downloaders able to install other unwanted programs, but there were also other Adware and even Trojans ? malicious programs that can enable cybercriminals to perform actions that are not authorised by the user, such as gathering information, modifying data or disrupting the performance of computers.
“Fans’ expectations are through the roof right now, arguably higher than for any film. Everyone who has ever been a fan of Spidey has their own theories about the films, which can be exploited by cybercriminals. Forgetting about cybersecurity, the audience is in a hurry to find out the secrets of the premiere movie, and fraudsters are using fan arts and trailer cuttings as bait to make victims download malicious files and enter banking details. We encourage users to be alert to the pages they visit and not download files from unverified sites,” comments Tatyana Shcherbakova, security expert at Kaspersky.
To avoid falling victim to malicious programs and scams, Kaspersky recommends users:
? Avoid links promising early viewings of films or TV series. If you have any doubts about the authenticity of the content, check with your entertainment provider
? Check the authenticity of the website before entering personal data and only use official, trusted web pages to watch or download movies. Double-check URL formats and company name spellings
? Pay attention to the extensions of files you are downloading. A video file will never have a .exe or .msi extension
? Use a reliable security solution, such as Kaspersky Security Cloud
