Photo Credit: Disney/Lucasfilm
- Kaspersky detected 285,103 attempts seeking to watch Star Wars titles
- So far, 83 users have already been affected by 65 malicious files
- Users are cautioned to look at the file extension
Cybersecurity researchers on Sunday said they have discovered over 30 fraudulent websites and social media profiles disguised as official movie accounts of ‘Star Wars: The Rise of Skywalker’ that are distributing free copies of the latest film in the franchise while collecting users’ data. Cybersecurity firm Kaspersky detected 285,103 attempts to infect 37,772 users seeking to watch movies of the popular space-opera series, signifying a 10 percent rise compared to last year.
The actual number of these fraudulent websites may be much higher which are collecting unwary users’ credit card data, under the pretense of necessary registration on the portal.
“As attackers manage to push malicious websites and content up in the search results, fans need to remain cautious at all times. We advise users to not fall for such scams and instead enjoy the end of the saga on the big screen,” said Tatiana Sidorina, security researcher at Kaspersky.
Popular films are often used by cybercriminals as bait to distribute malware, and the latest movie is no exception.
To further support the promotion of fraudulent websites, cybercriminals have also set up Twitter and other social media accounts, where they distribute links to the content.
“Coupled with malicious files shared on torrents, this brings the criminals results. So far, 83 users have already been affected by 65 malicious files disguised as copies of the upcoming movie,” said security researchers.
Look at the downloaded file extension.
Even if you are going to download a video file from a source you consider trusted and legitimate, the file should have an .avi, .mkv or .mp4 extension among other video formats, definitely not .exe,” the Kaspersky team cautioned.
Check the website’s authenticity.
“Confirm that the website is genuine, by double-checking the format of the URL or the spelling of the company name, reading reviews about it and checking the domains’ registation data before starting downloads,” said the cyber security firm.