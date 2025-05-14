Family-favourite brands used in cyberattacks

Ahead of the International Day of Families, observed on May 15, Kaspersky experts analysed cyberthreats that use popular family-focused brands, such as Disney, Lego, Toca Boca and others as bait. The research, based on selected keywords monitoring, revealed a steady rise in attack attempts, which increased by 38% from Q2 2024 to Q1 2025.

Kaspersky telemetry shows a consistent upward trend in the number of attempted attacks exploiting children – and family-related brands. Starting from just 89 000 in Q2 2024, the number of attacks has increased quarter by quarter, reaching almost 123 000 in Q1 2025. Throughout the reported period, Kaspersky detected over 432 000 such attempts.

Among the most frequently exploited brands throughout the reported period were Lego, Disney and Toca Boca — all widely recognised and trusted by children and parents alike.

Lego-themed content accounted for the overwhelming majority of attacks, with over 306 000 attempts, followed by Disney (62 000) and Toca Boca (45 000).

Paw Patrol and Peppa Pig were also used as popular lures, though to a lesser extent — 12 500 and 4 900 attempted attacks.

Cybercriminals exploit the popularity and emotional familiarity of these brands to trick users into downloading malicious files, often disguised as cartoons or games. The more popular the brand is, the more attractive it becomes as a hook for threat actors.

Kaspersky’s analysis shows that the most common threats targeting children and families are not always the most obvious ones. Throughout the reported period, nearly 400 000 infection attempts were linked to Downloaders — software that may appear harmless but is often used to silently deliver other potentially dangerous applications.

These downloaders are frequently disguised as games, videos, or installers related to popular brands, making them especially effective at tricking users.

In addition, more than 7 800 cases involved Trojans, which can steal sensitive data, monitor activity or grant remote access to attackers. These are particularly dangerous when hiding inside seemingly innocent files, such as cheats or fan-made apps.

Meanwhile, adware accounted for over 6 400 attempted attacks, typically appearing as flashy games or video apps that bombard users with unwanted ads, slowing down devices and potentially opening the door to additional threats.

As part of the analysis, Kaspersky researchers identified multiple scam and phishing websites mimicking the design and branding of popular among family companies.

One notable example was a phishing page crafted to resemble the official Tokyo Disney Resort website. Such scams are often indistinguishable from legitimate pages at first glance, with the only difference being the URL of the website.

The fraudulent site offered users the chance to “buy” park tickets, just like the real one, and prompted them to enter their personal and payment information. However, instead of securing a magical day at the theme park, victims could have their bank card details stolen.

Another discovery made by Kaspersky researchers involved scams exploiting the name of MrBeast — a YouTube celebrity widely followed by children and teens, and well-known for giving away expensive prizes like gadgets, money and even houses.

Cybercriminals created phishing pages promising “free gifts from MrBeast”, including digital gift cards for platforms such as Roblox, Xbox and PlayStation. The site prompted users to choose their prize and complete a seemingly harmless task to claim it.

To increase urgency, a countdown timer was displayed, urging visitors to “complete a sponsored activity” within a limited time to unlock the final reward code.

The entire process is a tactic designed to redirect victims to increasingly deceptive scam pages. Eventually, users are asked to pay a small commission fee to claim their “gift”. However, after submitting the payment, the victim may be left with no reward and may have lost money.

“Cybercriminals are masters of emotional manipulation — and there is hardly anything more emotionally charged than content children trust and love. By imitating popular brands or influencers like MrBeast, attackers create a sense of familiarity and excitement that lowers users’ guard. That’s why it’s essential for parents to stay informed and teach kids how to question ‘too-good-to-be-true’ offers before clicking,” comments Evgeny Kuskov, security expert at Kaspersky.