Hackers leverage Oscar nominated movies to deploy malware and steal sensitive data

This Sunday night, the new edition of the Academy Awards ceremony took place, which many threat actors tried to take advantage of to steal sensitive information from unsuspecting users in search of a pirated website to watch some of the award-nominated films.

According to a report by the security firm Kaspersky, users visited websites where, while they could find fragments of the nominated films, a registration window subsequently appeared to access the complete material: “On this registration page potential victims were asked to enter their bank card information; after performing this operation, the film stopped playing completely.”

Experts mention that this attack variant is also used to spread malware as they claim to have found around 80 malicious files associated with the names of the nominated movies in some categories of awards, including “Best Movie”. According to the report, 70% of these attacks are linked to three films: “Judas and the Black Messiah”, “Promising Young Woman” and “Trial of the Chicago 7”.

In this regard, cybersecurity expert Anton Ivanov mentions: “Threat actors will always be looking to monetize users’ interest in multiple entertainment sources. In this example, we can see that big events like the Oscar installment are used to reach a larger number of users, spreading phishing pages and malicious email.” On the other hand, experts believe that streaming platforms have contributed to the reduction of these attacks, although they are still a real security risk.

It should be mentioned that piracy in the film industry is not the only means by which threat actors deploy infections or frauds, as this practice also extends to major sporting events such as the Olympic or World Football Games, as well as holidays such as Valentine’s Day or Christmas.

Kaspersky experts mention that the best way to keep us protected against this hacking variant is to try to prevent the use of hacking websites, since in addition to violating intellectual property legislation they can jeopardize your devices and computer systems. On phishing websites, users should remember that, under no circumstances, it is advisable to enter their confidential information into such platforms, as it is practically a fact that their data will be extracted and used for malicious purposes.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.