As Hollywood prepares for the 2020 Oscars, research from Kaspersky has found that the widespread popularity of the movie Joker, starring Joaquin Phoenix, is being exploited by cyber criminals to deliver malicious files and malware.
Kaspersky’s research team set out to better understand how cyber criminals try to capitalise on popular interest in high-profile movies to trick their targets, and uncovered more than 20 phishing websites and 925 malicious files masquerading as legitimate – albeit, in many cases, still pirated – downloads relating to this year’s best picture nominees.
Many of these phishing websites and social media accounts offer users the chance to watch nominated films for free. Such scams will often gather user data and ask them to carry out specific tasks to gain access – these may take the form of a survey prompting users to share personal data, or installing adware, or in some cases providing credit card details.
Inevitably, after jumping through the hoops, the user does not get access to any content, and many may find themselves infected with malware or ransomware.
Kaspersky analysed each of this year’s best picture nominees – which are 1917, Ford v Ferrari, Jojo Rabbit, Joker, Little Women, Marriage Story, Once Upon a Time in Hollywood, Parasite and The Irishman – to get an idea of the level of interest towards them from the criminal underworld.
They found 304 malicious files named for Joker, 215 for 1917 and 179 for The Irishman. Korean director Bong Joon-Ho’s black comedy Parasite, about an impoverished family who infiltrate a rich household by posing as highly qualified service workers, had no malicious files associated with it.
Most of the suspect files appeared during the third or fourth week after the movie’s theatrical release date – except for Marriage Story, which only started to attract criminal attention after it debuted on Netflix and went viral on social media. In the case of The Irishman, however, cyber criminals exploited the movie heavily in the wake of its limited release on the big screen, but this activity tailed off after it arrived on Netflix.
“Cyber criminals aren’t exactly tied to the dates of film premieres, as they are not really distributing any content except for malicious data,” said Kaspersky analyst Anton Ivanov.
“However, as they always prey on something when it becomes a hot trend, they depend on users’ demand and actual file availability. To avoid being tricked by criminals, stick to legal streaming platforms and subscriptions to ensure you can enjoy a nice evening in front of the TV without having to worry about any threats,” he said.
Tripwire’s Tyler Reguly, manager of security research and development, who reviews pre-release movies as a side gig in his own time, said the possibility of getting something for nothing was a temptation that too many people were susceptible to.
“When I get a new movie from a studio, I’m always surprised by the number of people who want me to share a copy with them, even when they don’t know what it is,” he said.
“The ‘I want it for free’ attitude that so many people apply to the arts is disturbing. So even though I work in cyber security, I have a hard time feeling remorse for victims who were compromised because they were trying to steal other people’s hard work.
“It is well known that piracy websites are often plagued with malicious files and malvertising, yet people continue to visit them to save $4.99 on a movie rental or to see a film a few weeks before everyone else,” he added.
“It is telling about an individual that they’re willing to risk their personal information for a couple of bucks. When you think about it, you realise why enterprises invest in locking down systems and limit the actions of their employees. If I were an employer, I think that I’d be nervous if I had employees willing to take these risks.”
Film buffs are best advised to steer clear of any form of pirated content, as it does remain illegal, but based on the reality that these laws are rarely enforced and many people are willing to take a chance, there are a number of steps one can take to minimise risk.
Besides paying attention to official release dates in cinemas, or on the likes of Netflix or Amazon Prime Video, it is never a good idea to click on any link that might promise early access, and if visiting a download website, be sure it is legitimate and that its URL begins with https. One can even double check the website is genuine by checking spellings, which often differ on fraudulent sites, and checking the domain’s registration data.
Another means of protection if downloading illegally is to check the file extension on the download. Video files have multiple possible extensions, including .avi, .mkv or .mp4. However, anything that ends in .exe will be an executable program, likely a malicious file, and should be avoided like the plague.