This Sunday (25 April), after a few date changes due to the pandemic, the world is finally going to experience the long waited 93rd Academy Awards, also known as the Oscars 2021.
With all the restrictions driven by the Coronavirus, the organisers are looking to make the virtual ceremony as thrilling as possible. Thus, for the first time in the history of the awards, the ceremony will be held not only in the US but in open “hubs” in London and Paris.
And, while the ceremony travels around the globe, in the online world, fraudsters are set to take full advantage of the interest by spreading malicious files disguised as the best picture nominees.
Kaspersky experts have found various phishing websites offering to stream Oscar-nominated movies for free before the presentation of the awards, but some end up stealing users’ credentials.
In the hope of watching an Oscar-nominated movie, users visited a site where they were shown the first few minutes of the film before being asked to register to continue watching.
During the registration, to confirm their region of residence, the victim was asked to enter their bank card details.
After some time, money was debited from the card and, as expected, the film did not continue to play.
This type of phishing is widespread and considered to be one of the most popular among scammers.
Kaspersky experts have also analysed malicious files behind 2021’s Oscar nominees. As a result, the company’s researchers have found around 80 files mimicking the movies up for Best Picture.
Analysing the malware detected during the past year, Kaspersky experts found that almost 70% of malicious files are only disguised as three movies: Promising Young Woman, Judas and the Black Messiah, and the Trial of the Chicago 7.
Biographical drama Judas and the Black Messiah was the most used source to spread malicious files – malware related to this film takes 26% out of the total infected files. Meanwhile, Promising Young Woman, and the Trial of the Chicago 7 close the top three, with 22% and 21% respectively.
Overall, Kaspersky experts highlight that spreading malware under the guise of popular films is not a recent interest of fraudsters.
“Cybercriminals have always tried to monetise users’ interest in various sources of entertainment, including movies,” comments Anton Ivanov, a security expert at Kaspersky. “We see that big events in the film industry can boost some interest from the cybercriminal community, but today this type of malicious activity is not as popular as it used to be.
“Nowadays, more and more people are switching to streaming services, which are more secure because they do not require downloading files. Still, films serve as a popular lure to spread phishing pages and spam emails. These attacks are preventable, and users should be alert to the sites they visit.”