Researchers spot dangerous Squid Game-themed phishing emails

Watch out for emails pushing Squid Game-themed Halloween costumes, online games and even sneak previews of a potential season two. Cybersecurity researchers say they may be carrying dangerous malware.

Earlier this week, Kaspersky researchers reported that starting in September they found several dozen malicious files online posing as content related to the popular Netflix show. But, in reality, most of the files contained trojan downloaders bent on installing other malicious programs on people’s devices. Some of the other files included adware and fraudulent offers of Squid Game Halloween costumes designed to steal credit card information, Kaspersky said.

One of the schemes spotted by Kaspersky offers an animated version of the first game from the series. But, while the victim is watching, a trojan designed to steal data from users’ web browsers and send it back to the attackers Is launched in the background The malware also creates a hidden shortcut that could be used to launch the malware each time the victim starts up their system, Kaspersky said. 

Kaspersky also found Squid Game-themed mobile malware distributed through third-party apps stores and disguised as apps, games and books. They claim to contain episodes of the show for download, but instead contain the same kinds of data-stealing trojans as the other malware.

Other security companies are also starting to spot the malware. Proofpoint announced Thursday that its researchers had pinpointed a specific cybercrime group that it says is using Squid Game-themed phishing emails to distributing the notorious Dridex malware. 

Dridex is an exceptionally effective banking trojan, Proofpoint said. If it infects your computer, it could lead to data theft or the installation of additional malware such as ransomware. 

Proofpoint says it spotted thousands of the emails earlier this week. In them, the attackers claim to be associated with the show and offer up access to a new season, along with chances to become a part of the show’s cast.

To avoid becoming a victim, Kaspersky’s experts say you should always check the authenticity of websites before offering up personal information and only download movies and other files from official sites. Double check your URLs and company name spellings to make sure you’re not heading to a spoofed site.

Avoid links promising exclusive or early access to content. If it seems too good to be true it probably is. Pay attention to the extensions of files you’re downloading. For example, a video file will never have a .exe or .msi extension. 

And, of course, Kaspersky recommends using security software, such as its own Kaspersky Security Cloud, which identifies malicious attachments and blocks phishing sites.