Cybercriminals disguising as top streaming services to spread malware

cybercriminals-disguising-as-top-streaming-services-to-spread-malware

Malicious actors are posing as Netflix, Hulu, and more, to launch phishing attacks, steal passwords, launch spam, and distribute viruses.

Image: IStockphoto/metamorworks

Kaspersky’s latest research identifies the top streaming services cybercriminals most use to disguise malicious files and lure vulnerable users. The report, released on Thursday, also found the specific shows on each platform that cybercriminals used to fool victims. 

SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)

The year 2019 was host to what the report refers to as “Streaming Wars,” or the moment when major network providers realized streaming services were the preferred method of consuming content. While services like Netflix and Hulu were already well established, other platforms like Apple TV+, Disney+, and HBO Max got in on the action. 

Streaming service usage has been bolstered in 2020 as a result of the coronavirus pandemic. Viewers stuck at home are turning to streaming platforms more than ever: Half of US states increased video streaming by 50% during quarantine, ZDNet reported. 

However, just as all popular tech trends go, the increase in streaming use has opened a new attack channel for cybercriminals. These malicious actors use the sites as disguises to distribute malware, steal passwords, spread spam, and launch phishing attacks, according to the report.

“The so-called ‘streaming wars’ have only just begun, and as the popularity of these platforms grows, so too will the attention they receive from malicious users,” said Anton Ivanov, malware analyst, in the release. 

“This is particularly true since many of the platforms are experiencing unprecedented growth as a result of stay-at-home orders and employees being forced to work from home. While users may be tempted to search for alternative methods of watching their favorite content online rather than paying for another subscription, to stay safe, the best option is always to access the platforms and their shows via official sources,” Ivanov said.

SEE: How to protect your Twitter account from being hacked (TechRepublic) 

Kaspersky researchers evaluated the cyber threat landscape across five major streaming platforms–Hulu, Disney+, Netflix, Apple TV+, and Amazon Prime Video—from January 2019 to April 2020. 

Over that time, a total of 5,577 users were exposed to threats when trying to gain entry into these platforms through unofficial means. In total, there were 23,936 attempts to infect users with a variety of threats, the report found.

Top platforms cybercriminals disguise as 

The report identified the following platforms cybercriminals used as disguises along with the number threats they were used for:

1. Netflix (5,103)

2. Hulu (256)

3. Amazon Prime (214)

4. Disney+ (28)

Netflix was used the most frequently, by far, to lure Kaspersky users into downloading various threats, either while trying to modify the application, gain access to the platform, or gather login info, according to the report. 

The most frequent threat across all attacks were different types of Trojans, which made up nearly half (47%) of all threats. Trojans allow cybercriminals to delete and block data on devices, or even interrupt the performance of the computer. 

SEE: Watch out for these subject lines in email phishing attacks (TechRepublic)

One of the Trojans distributed were Spy Trojans, which track the users’ actions on the infected device, leaving the users susceptible to having personal files or photos collected, as well as login and password information for financial accounts stolen, according to the report. 

Malware was also a popular avenue, with 6,661 Kaspersky users reportedly encountering malware when coming across account checkers when attempting to gain access to Hulu, Netflix, Amazon Prime, or Disney+. Phishing was also used by malicious actors, who most often imitated Netflix and Hulu, the report found.

The research also identified the top original content on these platforms and found the five shows that bad actors most frequently used to lure targets. 

1. The Mandalorian (Disney+)

2. Stranger Things (Netflix) 

3. The Witcher (Netflix) 

4. Sex Education (Netflix)

5. Orange is the New Black (Netflix) 

How to stay protected 

The report offered the following three recommendations for users to protect themselves against these threats. 

  • Only access streaming platforms through your own paid subscription on the official website or app from official marketplaces
  • Do not download unofficial modifications or versions of these platform applications

  • Use different, strong passwords for every account 

For more, check out Billions of passwords now available on underground forums, say security researchers on ZDNet.

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays



Sign up today

Also see