Fraudsters are leveraging the latest Spider-Man movie to spread malicious files and phishing pages, researchers from Kaspersky have warned.
The latest installment of the super-hero franchise, No Way Home, was released in cinemas earlier this week to much fanfare. The new study has highlighted how scammers are trying to take advantage of the excitement surrounding the new film, with intensified activity observed ahead of its premiere.
Kaspersky said they discovered numerous phishing websites pop up ahead of the premiere, purporting to show the movie online. These sites asked users to register and enter their credit card information to access the film, upon which money was debited and payment data stolen by the fraudsters. Unsurprisingly, the victims were unable to stream the feature.
In addition to tricking users into giving away payment information, cyber-criminals are trying to entice Spider-Man fans into downloading malicious files, believing they are downloading the movie. These include downloaders that can install other unwanted programs, adware and Trojans. The latter of these can allow the threat actors to perform actions that are not authorized by the user, such as gathering modifying data or disrupting the performance of computers.
The researchers added that fraudsters are leveraging the growing popularity of fan theories and fan art around the Spider-Man franchise to boost interest in their malicious websites. This has been exacerbated in the latest release by rumors that Tobey Maguire and Andrew Garfield are returning as Spider-Man from their respective films. Therefore, some malicious sites use fan art featuring all the Spider-Man actors rather than official movie posters.
Tatyana Shcherbakova, security expert at Kaspersky, commented: “Fans’ expectations are through the roof right now, arguably higher than for any film. Everyone who has ever been a fan of Spider-Man has their own theories about the films, which can be exploited by cyber-criminals. Forgetting about cybersecurity, the audience is in a hurry to find out the secrets of the premiere movie, and fraudsters are using fan arts and trailer cuttings as bait to make victims download malicious files and enter banking details. We encourage users to be alert to the pages they visit and not download files from unverified sites.”
Online streaming of movies and other entertainment has increased considerably since the start of the COVID-19 pandemic, and other big movie releases this year, like Black Widow and the James Bond film No Time to Die, have been similarly leveraged by cyber-villains to launch scams and spread malicious files.