Scammers are exploiting the release of Spider-Man: No Way Home movie to steal credit card and banking data along with harvesting login credentials of unsuspected users, Kaspersky has warned.
Since the dawn of the COVID-19 era, online streaming of films has increased significantly. This has provided scammers with an exclusive new opportunity to exploit the most anticipated released through scams and infected pirated versions.
Black Widow, John Wick 3, Joker, and Contagion have already become the victims of online scams, and the latest to join the list is the new Spider-Man: No Way Home movie.
Scammers Taking Advantage of New Spiderman Movie
Reportedly, scammers are exploiting the latest superhero release, Spider-Man: No Way Home, released earlier this week, to spread phishing sites and malicious files.
Ahead of the movie’s premiere, researchers at Kaspersky noted an intensified activity from scammers as numerous phishing sites popped up offering exclusive copies of the movie before its release. Kaspersky security expert Tatyana Shcherbakova noted how cybercriminals exploit the hype and excitement surrounding the movie.
“Fans’ expectations are through the roof right now, arguably higher than for any film. Everyone who has ever been a fan of Spider-Man has their own theories about the films, which can be exploited by cyber-criminals.”
How are Users Scammed?
Kaspersky researchers reported that phishing websites urged users to enter their credit card data at registration to access the movie. After the unsuspecting user entered this information, fraudsters debited the money and stole payment card data. However, the victims couldn’t access the movie.
Furthermore, cybercriminals lure fans into downloading malicious documents such as downloaders by making them believe they were downloading the movie. These downloaders install numerous programs, including trojans and adware.
Trojans would let attackers gain extended privileges on the infected device and perform actions that the user hasn’t authorized the software, for instance, impacting the computer’s performance or modifying the data.
“To boost interest in the phishing pages, fraudsters do not use official posters from the film, but rather fan art featuring all the Spider-Man actors. With such posters, cybercriminals want to attract more attention from fans,” researchers noted.
Scammers are also leveraging fan theories and rumors to monetize from the latest superhero flick. Such as, they are exploiting the news that Andrew Garfield and Toby Maguire are making a comeback in the franchise.
“Forgetting about cybersecurity, the audience is in a hurry to find out the secrets of the premiere movie, and fraudsters are using fan arts and trailer cuttings as bait to make victims download malicious files and enter banking details. We encourage users to be alert to the pages they visit and not download files from unverified sites,” Kaspersky’s report read.
