Kaspersky Lab: Dragons, zombies and superheroes top TV show disguises used to spread malware

TV Show infographic (Kaspersky Lab)

Cybercriminals are actively using new episodes of popular TV shows to distribute malware, research by Kaspersky Lab has found. Game of Thrones, The Walking Dead, and Arrow are the shows receiving the most attention from attackers. These and other findings are published in a new report, ‘Game of Threats: How cybercriminals use popular TV shows to spread malware.’

TV shows are one of the most popular and universal types of entertainment, yet with the rise of torrents, online streaming, and other methods of digital distribution, they often suffer from copyright infringement. In many regions, such programs can now be consumed through illegal channels, such as torrent-trackers and illegal streaming platforms. Unlike legitimate resources, torrent trackers and hosted files may send a user a file that looks like an episode of a TV show, but is in fact malware with a similar name.


Seeing how easily TV shows downloaded from illegitimate resources can be replaced with malware-carrying versions, Kaspersky Lab researchers took a closer look at such compromised files, covering both 2018 and 2017. Leading the list in both years was Game of Thrones. In 2018, it accounted for 17% of all infected pirated content, with 20,934 attacked users, followed by The Walking Dead, with 18,794, and Arrow, with 12,163.

This is despite the fact that in 2018, there were no new episodes of Game of Thrones released, while the other shows in the ranking were accompanied by high-profile promotional campaigns.

In every case observed, the malware distributors opted for the first and the last episode of each season, with the launch episode the most actively used, for example, Game of Thrones’ ‘The winter is coming’ episode in Season 1.

“We can see clearly that malware distributors exploit TV shows that are in high demand on pirated websites: these are usually actively promoted dramas or action series. The first and final episodes, attracting the most viewers, are likely to be at greatest risk of malicious spoofing. Online fraudsters tend to exploit people’s loyalty and impatience, so may promise brand new material for download that is in fact a cyberthreat. Keeping in mind that the final season of Game of Thrones starts this month, we would like to warn users that it is highly likely there will be a spike in the amount of malware disguised as new episodes of this show,” said Anton V. Ivanov, security researcher at Kaspersky Lab.

To avoid falling victim to malicious programs pretending to be TV shows, Kaspersky Lab recommends taking the following steps:

  • Use only legitimate services with a proven reputation for producing and distributing TV-content.
  • Pay attention to the extension of the downloaded file. Even if you are downloading TV-show episodes from a source you consider trusted and legitimate, the file should have an .avi, .mkv, .mp4 or similar extension, and definitely not .exe.
  • Pay extra attention to the authenticity of websites. Do not visit websites that offer TV shows for viewing until you are sure that they are legitimate and that their addresses start with ‘https’. Before starting downloads, check that the website is genuine by double-checking the format of the URL and the spelling of the company name.
  • Don’t click on suspicious links, such as those promising an early view of a new episode; check the TV-show schedule and keep track of it.
  • Use a reliable security solution for comprehensive protection from a wide range of threats, such as Kaspersky Security Cloud.

Read the full text of the report on Securelist.com