During the month following its release, Squid Game, a South Korean survival drama tv-series, became Netflix’s biggest series, with more than 111 million viewers. Following demand from viewers, cybercriminals are not shy in taking advantage of fans’ eagerness to watch the show, with well-known fraud schemes hitting the web. Kaspersky experts share their insights on the most common and sophisticated Squid Game related threats found in the wild, including Trojans, adware, and phishy offers of Halloween costumes.
Download an episode of Squid Game…and some malware
From September to October 2021, we found several dozen different malicious files on the web, the names of which mention Squid Game.
In most cases analyzed, we discovered Trojan-downloaders able to install other malicious programs, but there were also other Trojans and adware. One of the cybercriminals’ schemes worked as follows: the victim was allegedly shown an animated version of the first game from the series, while simultaneously, a Trojan was invisibly launched that could steal data from users’ various browsers and send it back to the attackers’ server. A shortcut was also created in one of the folders, which could be used to launch the Trojan every time the system was started.
Kaspersky have also found mobile malware exploiting Squid Game. Hoping to download an episode of Squid Game, user downloaded a Trojan. When an application is launched on a device, it asks the control server for tasks to complete. This can be, for example, opening a tab in the browser or sending an SMS to numbers received from the control server. This Trojan is distributed in unofficial app stores and various portals under the guise of other popular applications, games, and books.
Squid Game suits for sale
As Halloween is coming up, the answer to which character to be this year seems is top of mind. And cybercriminals think so too. We observe that many Squid Game related fake stores are starting to appear. Most of them offer an opportunity to buy the costumes just like players wore in the series – such stores falsely position themselves as official. However, when shopping on such sites, users’ risk not receiving the merchandise and losing their money. Moreover, targets end up sharing with cybercriminals their banking and personal identity information since they are asked to provide card details and personal data, including an email address, residence address, and full name.
An example of phishing page offering to buy Squid Game merch
Enter the Squid Game online…and lose your identifying and banking information
Besides ‘classic’ phishing pages offering to stream Squid Game, we also found several pages offering to compete in an online version of the game to win the main prize – 100 BNB (Binance coin). Needless to say, the player never receives the promised reward and ends up losing their data or downloading malware.
An example of a phishing page offering to play Squid Game online to win 100 BNB
“The Squid Game becoming a new hit lure was just a question of time. As with any other trending topic, cybercriminals have a good hunch about what is going to work and what isn’t. As the ‘Squid Game’ is hyping, we observe many phishing pages offering to buy the recognizable suits from the show; other ones invite users to play the games from the show online. Needless to say, targets end up losing their data, money, and having malware installed on their device. It’s extremely important for users to check the authenticity of websites when looking for a source to stream the show or to buy some merch,” comments Anton V. Ivanov, security expert at Kaspersky.
To avoid falling victim to malicious programs and scams, Kaspersky advises users to:
· Check the authenticity of websites before entering personal data and only use official webpages to watch or download movies. Double-check URL formats and company name spellings.
· Pay attention to the extensions of files you are downloading – a video file will never have an .exe or .msi extension.
· Use a reliable security solution, such as Kaspersky Security Cloud, that identifies malicious attachments and blocks phishing sites.
· Avoid links promising early viewings of content, and if you have any doubts about the authenticity of content, check it with your entertainment provider.
Source: www.darkreading.com