Crooks use Star Wars saga as bait in Phishing and malware attacks

Crooks are exploiting the popularity of the Star Wars saga to monetize their efforts; experts warn of online streaming sites delivering malware.

Cybercriminals leverage popular movies like Star Wars to lure users into downloading malware to watch exclusive scenes or the full movie.

Experts at Kaspersky have analyzed some threats that exploit the new Star Wars movie The Rise of Skywalker as bait for unaware users. 

Just before the official release on December 20, cybercriminals flooded social networks and the internet with rogue websites and files offering previews of ‘The Rise of Skywalker’ and free streams.

“Public attention on “Star Wars: The Rise of Skywalker,” which premieres December 19, is already attracting cybercriminals. Kaspersky researchers found over 30 fraudulent websites and social media profiles disguised as official movie accounts (the actual number of these sites may be much higher) that supposedly distribute free copies of the latest film in the franchise.” reads a press release published by Kaspersky. “These websites collect unwary users’ credit card data, under the pretense of necessary registration on the portal.”

Crooks set up websites that look related to the official movie; the sites are designed to deliver malware or to phish visitors. Victims are instructed to register or to download an executable to access the exclusive streams.

Crooks use a network of social media profiles to distribute links to free pirated copies of the new movie. Cybercriminals also flooded file-sharing platforms with malicious files.

Kaspersky experts discovered more than 30 fake and infected streaming sites and social media pages that are advertised as the official pages of the movie. They also spotted around 65 malicious files disguised as copies of the movie.

“It is typical for fraudsters and cybercriminals to try to capitalize on popular topics, and ‘Star Wars’ is a good example of such a theme this month,” said Tatiana Sidorina, security researcher at Kaspersky. “As attackers manage to push malicious websites and content up in the search results, fans need to remain cautious at all times. We advise users to not fall for such scams and instead enjoy the end of the saga on the big screen.”

The following table shows “Star Wars”-themed malware attacks.

| | 2018 | 2019 | Change |
|---|---|---|---|
| Attacks detected | 257,580 | 285,103 | +10% |
| Number of unique files | 16,395 | 11,499 | -30% |
| Users targeted | 50,196 | 37,772 | -25% |

Attackers use a ‘black SEO’ tactic to promote the malicious websites: the domains used in the campaign carry the official name of the movie, and the sites provide thorough descriptions and supporting content.

With this trick the malicious websites rank higher on popular search engines, so they appear every time users search for the name of the movie.

The experts warn that the campaign is still active; crooks are adding new movie and TV series titles to the rogue websites.

To avoid falling victim to this kind of scam, Kaspersky recommends taking the following steps:

  • Pay attention to the official movie release dates in theaters, on streaming services, TV, DVD, or other sources
  • Don’t click on suspicious links, such as those promising an early view of a new film
  • Look at the downloaded file extension. Even if you are going to download a video file from a source you consider trusted and legitimate, the file should have an .avi, .mkv or .mp4 extension, among other video formats, definitely not .exe
  • Check the website’s authenticity. Do not visit websites allowing you to watch a movie until you are sure that they are legitimate and start with ‘https.’ Confirm that the website is genuine by double-checking the format of the URL or the spelling of the company name, reading reviews about it and checking the domains’ registration data before starting downloads
  • Use a reliable security solution, such as Kaspersky Security Cloud, for comprehensive protection from a wide range of threats
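
The file-extension check from the list above, extended to also compare the file's leading bytes with the format its name claims, as an added example that is not from the article or from Kaspersky. The function names, the executable extensions beyond .exe and the sample inputs are assumptions constructed for illustration.

```python
import os

# Video extensions named in the article; executable extensions other than
# .exe are an added assumption of this example.
VIDEO_EXTS = {".avi", ".mkv", ".mp4"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi"}

def container_from_magic(head: bytes) -> str:
    """Identify a file by its leading bytes (pass at least 12 bytes)."""
    if head[:2] == b"MZ":
        return "windows-executable"
    if head[:4] == b"\x7fELF":
        return "elf-executable"
    if head[:4] == b"RIFF" and head[8:12] == b"AVI ":
        return ".avi"
    if head[:4] == b"\x1a\x45\xdf\xa3":   # EBML header used by Matroska
        return ".mkv"
    if head[4:8] == b"ftyp":               # ISO base media (MP4) file-type box
        return ".mp4"
    return "unknown"

def check_download(filename: str, head: bytes) -> list:
    """Return findings; an empty list means name and content agree on video."""
    findings = []
    parts = os.path.basename(filename).lower().split(".")
    exts = ["." + p for p in parts[1:]]
    final = exts[-1] if exts else ""
    if final in EXEC_EXTS:
        findings.append(f"executable extension {final}")
        if any(e in VIDEO_EXTS for e in exts[:-1]):
            findings.append("video extension used as decoy before the real one")
    elif final not in VIDEO_EXTS:
        findings.append(f"not a video extension: {final or '(none)'}")
    kind = container_from_magic(head)
    if kind.endswith("executable"):
        findings.append(f"content is a {kind}")
    elif final in VIDEO_EXTS and kind != final:
        findings.append(f"content ({kind}) does not match {final}")
    return findings

# Constructed sample inputs: (file name, first bytes of the file).
SAMPLES = [
    ("rise_of_skywalker.mp4", b"\x00\x00\x00\x20ftypisom\x00\x00\x02\x00"),
    ("rise_of_skywalker.mp4.exe", b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00"),
    ("rise_of_skywalker.mkv", b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00"),
    ("rise_of_skywalker.avi", b"RIFF\x24\x00\x00\x00AVI LIST"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "->", check_download(name, head) or "ok")
```

A clean result only means the name and the container header agree; it says nothing about the trustworthiness of the source.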

Pierluigi Paganini

(SecurityAffairs – Star Wars, hacking)
