By 
This Sunday, April 25th, after a few date changes due to the pandemic, the world is finally going to experience the long waited 93rd Academy Awards, also known as the Oscars 2021. With all the restrictions driven by the Coronavirus, the organisers are looking to make the virtual ceremony as thrilling as possible.
Thus, for the first time in the history of the awards, the ceremony will be held not only in the United States but in open ‘hubs’ in London and Paris. And while the ceremony travels around the globe, in the online world, fraudsters are set to take full advantage of the interest by spreading malicious files disguised as the best picture nominees.
Kaspersky experts have found various phishing websites offering to stream Oscar-nominated movies for free before the presentation of the awards, but these end up stealing users’ credentials.
| The Best Picture nominees: |
| Judas and the Black Messiah |
| Mank |
| Minari |
| Nomadland |
| Promising Young Woman |
| Sound of Metal |
| The Father |
| The Trial of the Chicago 7 |
Best Picture nominees analysed by Kaspersky researchers
In the hope of watching an Oscar-nominated movie, users visited a site where they were shown the first few minutes of the film before being asked to register to continue watching. During the registration, to confirm their region of residence, the victim was asked to enter their bank card details. After some time, money was debited from the card, and as expected, the film did not continue to play. This type of phishing is widespread and considered to be one of the most popular among scammers.
An example of a phishing website offering to stream Minari, and Judas and the Black Messiah
Kaspersky experts have also analysed malicious files behind 2021’s Oscar nominees. As a result, the company’s researchers have found around 80 files mimicking the movies up for Best Picture.
Analysing the malware detected during the past year, Kaspersky experts found that almost 70% of malicious files are only disguised as three movies: Promising Young Woman, Judas and the Black Messiah, and the Trial of the Chicago 7. Biographical drama Judas and the Black Messiah was the most used source to spread malicious files – malware related to this film takes 26% out of the total infected files. Meanwhile, Promising Young Woman, and the Trial of the Chicago 7 close the top three, with 22% and 21% respectively.
Malicious files using the Best Picture nominees’ names detected by Kaspersky products
Overall, Kaspersky experts highlight that spreading malware under the guise of popular films is not a recent interest of fraudsters.
“Cybercriminals have always tried to monetise users’ interest in various sources of entertainment, including movies. We see that big events in the film industry can boost some interest from the cybercriminal community, but today this type of malicious activity is not as popular as it used to be. Nowadays, more and more people are switching to streaming services, which are more secure because they do not require downloading files. Still, films serve as a popular lure to spread phishing pages and spam emails. These attacks are preventable, and users should be alert to the sites they visit,” comments Anton V. Ivanov, who is a security expert at Kaspersky.
To avoid falling victim to a malicious programs and scam, Kaspersky advises users to:
- Check the authenticity of websites before entering personal data and only use official webpages to watch or download movies. Double-check URL formats and company name spellings.
- Pay attention to the extensions of the files that you are downloading. A video file will never have an .exe or .msi extension.
- Use a reliable security solution, such as Kaspersky Security Cloud, that identifies malicious attachments and blocks phishing sites.
- Avoid links promising early viewings of content, and if you have any doubts about the authenticity of content check it with your entertainment provider.
