Kaspersky: ‘Beware entertainment malware’

According to cybersecurity specialist Kaspersky, 2019 was officially the year the Streaming Wars kicked off, as nearly all major networks hurried to profit from consumers’ new, preferred method of consuming content: streaming platforms.

The company suggests that cyberthreats aren’t relegated to the world of big businesses and large-scale campaigns, with the most frequent attacks actually being the daily encounters with malware and spam by everyday users, with one of the areas where we’re most vulnerable being entertainment – particularly when we’re so used to finding everything and anything we want to watch or play for little or no money online.

“That’s why, last year, we took a look at how cybercriminals use popular shows to spread malware,” says the firm. “This year, we turned to a no less popular entertainment sector: streaming platforms. Not only are millions of account purchasers susceptible, but so are the millions more who receive access via relatives or friends that share their passwords and an unknown number of people who attempt to gain access to these platforms at a discount or are relegated to finding other methods of viewing their content in areas where the services aren’t available.

To help make users around the world become aware of the threats—and stay protected— Kaspersky has taken an in-depth look at the cybercrime landscape of streaming services.

It analysed several different types of threats—malware associated with streaming platforms and the original content they release, as well as phishing emails and fake websites/login pages. The results reflect those users (mobile or PC) that encountered various threats from January 2019 until April 8th, 2020. The streaming platforms analysed are Netflix, Hulu, Amazon Prime Video, Disney + and Apple TV Plus.

When it comes to streaming platforms, malware and other threats (such as adware) are most often downloaded when users attempt to gain access through unofficial means—whether by purchasing discounted accounts, obtaining a ‘hack’ to keep their free trial going, or attempting to access a free subscription. Many times, these unofficial links or files come bundled with other malicious programs, such as Trojans and backdoors.

Key Findings:

• A common phishing scheme involves asking users to confirm or update their payment information for a streaming platform account. Upon doing so, cybercriminals gain access to users’ financial information (credit card info/billing details).
• No Kaspersky users encountered threats while attempting to access Apple TV Plus.
• Netflix is, by far, the platform most frequently used by criminals as a lure to trick Kaspersky users into downloading various threats, either while they attempt to gain access to the platform, modify the application, or gather login info.
• When attempting to gain access to streaming platforms, 5,577 unique Kaspersky users encountered through links that used the name of legitimate platforms—Hulu, Netflix, Amazon Prime, or Disney +—as a lure or while attackers attempted to gain credentials of these platforms’ users.
• There were a total of 23,936 attempts to infect these 5,577 users
• The most frequent threat encountered for all attacks that used the name of one of the five streaming platforms above were different types of Trojans, which made up 47 per cent of all encountered threats.
• The greatest number of attacks registered that contained the name of Netflix as a lure, came from Germany. For Amazon Prime: the United States. For Hulu: Dominican Republic. .
• 6,661 Kaspersky users encountered malware when coming across account checkers while trying to gain access to Hulu, Netflix, Amazon Prime, or Disney +.
• There were a total of 57,784 attempts to infect these 6,661 users
• The five original shows which were most often used by malware creators to attract the attention of potential victims and lure them into installing various threats were The Mandalorian, a Disney + original, followed by Netflix’s Stranger Things, The Witcher, Sex Education, and Orange is the New Black.
• More than half of the attacks (51 per cent) disguised as one of the five shows most frequently used as a lure came from Spain.

One of the oldest—and most effective ways—for stealing account credentials is through phishing. Phishing scams related to streaming platforms include creating imitations of login pages as a way to harvest credentials. And Netflix remains the most popular target. Kaspersky researchers found fake Netflix login pages in four different languages (French, Portuguese, Spanish, and English). They also found imitations of Hulu.

“Streaming services not only provide a prime target for spam and phishing scams, they also come in handy when trying to deliver malware,” warns Kaspersky. “Of course, those who subscribe to streaming services through official channels and only use approved versions of the apps can, in most cases, avoid accidentally downloading malware or other threats,”  it notes.

Netflix was the most common platform used by criminals as a way to lure users into downloading various threats by far, with Hulu being the second most popular and Amazon Prime the third. Only 28 users encountered various threats while trying to watch Disney + through unofficial means and none when trying to watch to Apple TV Plus.

Kaspersky notes that streaming services such as Netflix made their name not only from streaming third parties’ movies and TV shows but producing their own content. For those who want to see these original shows, but not pay $5-$10 dollars a month on a subscription, the only way to watch them is by downloading them from a third party. This, of course, carries a risk of downloading malware.

In terms of the number of unique users affected, the 10 original shows (among the 25 mentioned in the Methodology section of the study) most frequently used by criminals as a lure to distribute various threats, including malware, were:

The Mandalorian (Disney +)	1614
Stranger Things (Netflix)	1291
The Witcher (Netflix)	1076
Sex Education (Netflix)	420
Orange is the New Black (Netflix)	253
Ozark (Netflix)	177
The Man in the High Castle (Amazon Prime Video)	142
The Expanse (Amazon Prime Video)	119
Fleabag (Amazon Prime Video)	102
Castle Rock (Hulu)	99

The ten original shows from Amazon Prime, Apple TV Plus, Hulu, Netflix, and Disney + most frequently used as a lure to distribute various threats and the number of unique users that encountered various threats

“The streaming wars have only just begun—and so too has the various cybercrime associated with it,” warns Kaspersky. “The global pandemic and subsequent surge in subscribers has only provided additional impetus for cybercriminals to target these platforms,” it says, suggesting that no matter the platform or the show you choose to watch, it is important to take certain precautions to stay safe. In order to stay safe from phishing scams related to streaming platforms, Kaspersky experts recommend:

• Look carefully at the sender’s address: if it comes from a free e-mail service or contains meaningless characters, it’s most likely fake
• Pay attention to the text: well-known companies wouldn’t send emails with poor formatting or bad grammar
• Don’t open attachments or click on links in emails from streaming services particularly, if the sender insists upon it. It’s better to go to the official website directly and log into your account from there
• Be wary of any deals that seem too good to be true, such as a “one-year free subscription”
• Do not visit websites until you are sure they are legitimate and start with ‘https’
• Once on a website, check that it is authentic
• Double-check the format of the URL or the spelling of the company name, as well as read reviews and check the domain’s registration data before starting any downloads
• Use a reliable security solution like Kaspersky Security Cloud that identifies malicious attachments and blocks phishing sites

To protect yourself from malware when trying to watch streaming platforms or their original series:

• Whenever possible, only access streaming platforms via your own, paid subscription on the official website or app from official marketplaces
• Do not download any unofficial versions or modifications of these platforms’ applications
• Use different, strong passwords for each of your accounts
• Using a reliable security solution like Kaspersky Security Cloud that delivers advanced protection on all your devices