The Mandalorian, Stranger Things, The Witcher, Sex Education, Orange is the New Black: these are the bait titles used by cybercriminals to try to infect the PCs of less savvy users.
In short, the passion for TV series as a pick for the bad guys: to report it is one of the latest Kaspersky investigations published a few days ago. Apparently, one of the areas of greatest vulnerability is linked to the world of entertainment, which is used as a means to launch different types of cyber attacks.
The lever is, as always, curiosity, or rather the impatience of the public to see new productions. While on the one hand there are those who, in an attempt to save on subscriptions to video streaming services, look for alternative channels to the official ones for the use of content, often ending up falling into the traps hidden by some wording of free download, on the other hand there are those who, despite having a regular account, log in by mistake on fake portals.
As for the former, Kaspersky found that, between January 2019 and April 2020, 5,577 users exposed themselves to various types of cyber threats while trying to access platforms by unofficial means or lured by files that used the names of various streaming services as a decoy. First of all, since among the best known, it is obviously Netflix. These behaviors have led to 23,936 attempts at infection with threats of various kinds.
As anticipated at the beginning, the five titles most frequently used by criminals as bait to deceive users are, in fact, The Mandalorian, Stranger Things, The Witcher, Sex Education and Orange is the New Black: over 4,500 Kaspersky users have been exposed to malicious files that used the name of one of these TV series, for a total of 18,947 registered infection attempts.
The gold medal goes to The Mandalorian (of which the second season will be released on Disney + in October), a name that has led at least 1,614 users to download a malicious file, for a total of 5,855 attempts at infection. Typically, these are Trojans, which allow attackers to take control of the infected device, with consequences ranging from deleting data to blocking the computer.
In the second case, namely that of those who, despite having a regular account, log in by mistake on fake portals, it is phishing: the fake versions of the online pages for accessing the various services are used to collect the credentials of careless users. Netflix is usually the most popular target, of which researchers found fake login pages in as many as four different languages.
A similar purpose has the sending of unofficial emails that aim to obtain payment data for a service. To increase the risks, also the habit of sharing one's login credentials with relatives or friends, or the attempt to access online streaming platforms with alternative methods, looking for solutions that seem free and instead hide some pitfalls.