Kaspersky researchers have discovered cybercriminals are spreading Trojans, gathering victim’s personal data, more than twice as often as unwanted software, Adware, under the guise of popular streaming services. While downloading malicious programs instead of a streaming app, users are now more likely to lose their accounts, credentials, and payment data. Kaspersky researchers have also discovered a rare fraud scheme, when cybercriminals offer the users to scan the QR-code to win an annual streaming service’s subscription, but instead redirect them to a phishing page.
To get a clear picture of what the current streaming-related threat landscape looks like, Kaspersky experts analysed malicious and unwanted program detections containing the names of the most popular streaming platforms. Looking for alternative sources to download a streaming app or an episode of a show, users faced various types of malwares, including Trojans, spyware and backdoors, as well as adware. In 2022, 35% of users who faced threats under the guise of streaming platforms were affected by Trojans. This is more than twice as much as the share adware (15%), which designed to throw unwanted advertisements up on the screen. This means that downloading a program from an unknown site, the user is now much more likely to lose personal data, accounts and money.
Among the most popular streaming platforms, cybercriminals were most active using Netflix – almost 80% of users faced threats under the guise of streaming services were looking to download this app from untrustworthy resources. In comparison, the number of users who tried to download malicious or unwanted programs under the guise of Hulu or Disney+ is eight times lower.
Movie fans now prefer streaming services more than going to the cinemas, which is why this topic is so actively used by cybercriminals. In addition to malicious or unwanted programs, cybercriminals create mass phishing pages to steal victims’ personal information and credit card details. They actively follow trends and, in an attempt, to gain the user’s trust and attention, they use images of the latest popular TV series, for example, House of the Dragon by HBO.
One of the rare fraud schemes discovered by Kaspersky offers users to scan a QR-code to win an annual subscription. After scanning the code, victims are redirected to a phishing page, where they are asked to enter their personal data, login information to the streaming service’s account and payment data.
“The era of streaming platforms has given cybercriminals more room for scams and fraudulent schemes. Streaming services now produce their own movies and series that can only be watched on their platform, but not all users are willing to pay for a subscription. So, they are actively looking for ways to download a new episode of a coveted series for free on third-party sites, which typically carries risks. Especially now, when under the guise of streaming services attackers most often spread Trojans, stealing your personal data, accounts and money from the credit cards”, comments Vasily M. Kolesnikov, a security expert at Kaspersky.
To avoid falling victim to malicious programs and scams, Kaspersky recommends to users:
- In order to secure the connection for watching streaming services and protect personal data, a safe option can be to use a special protected VPN solution.
- Besides, if you want to be able to watch your favourite movies and series from anywhere in the world, a reliable VPN service will be also a helpful option.
- If you have any doubts about the authenticity of the content, check with your entertainment provider.
- Check the authenticity of the website before entering personal data and only use official, trusted web pages to watch or download movies. Double-check URL formats and company name spellings.
- Pay attention to the extensions of files you are downloading. A video file will never have a .exe or .msi extension.
- Get full cybersecurity plus a comprehensive range of privacy tools. Safeguard your account data, securely manage your passwords, and browse, search and access content with unlimited VPN.