Researchers spot dangerous Squid Game-themed phishing emails


squid-game-netflix-season-two

Don’t play around with Squid Game phishing emals.


Netflix

Watch out for emails pushing Squid Game-themed Halloween costumes, online games and even sneak previews of a potential season two. Cybersecurity researchers say they may be carrying dangerous malware.

Earlier this week, Kaspersky researchers reported that starting in September they found several dozen malicious files online posing as content related to the popular Netflix show. But, in reality, most of the files contained trojan downloaders bent on installing other malicious programs on people’s devices. Some of the other files included adware and fraudulent offers of Squid Game Halloween costumes designed to steal credit card information, Kaspersky said.

One of the schemes spotted by Kaspersky offers an animated version of the first game from the series. But, while the victim is watching, a trojan designed to steal data from users’ web browsers and send it back to the attackers Is launched in the background The malware also creates a hidden shortcut that could be used to launch the malware each time the victim starts up their system, Kaspersky said. 

Kaspersky also found Squid Game-themed mobile malware distributed through third-party apps stores and disguised as apps, games and books. They claim to contain episodes of the show for download, but instead contain the same kinds of data-stealing trojans as the other malware.

Other security companies are also starting to spot the malware. Proofpoint announced Thursday that its researchers had pinpointed a specific cybercrime group that it says is using Squid Game-themed phishing emails to distributing the notorious Dridex malware. 

Dridex is an exceptionally effective banking trojan, Proofpoint said. If it infects your computer, it could lead to data theft or the installation of additional malware such as ransomware

Proofpoint says it spotted thousands of the emails earlier this week. In them, the attackers claim to be associated with the show and offer up access to a new season, along with chances to become a part of the show’s cast.

To avoid becoming a victim, Kaspersky’s experts say you should always check the authenticity of websites before offering up personal information and only download movies and other files from official sites. Double check your URLs and company name spellings to make sure you’re not heading to a spoofed site.

Avoid links promising exclusive or early access to content. If it seems too good to be true it probably is. Pay attention to the extensions of files you’re downloading. For example, a video file will never have a .exe or .msi extension. 

And, of course, Kaspersky recommends using security software, such as its own Kaspersky Security Cloud, which identifies malicious attachments and blocks phishing sites. 



Source link

See also  Tesla debuts Sentry Mode Live Camera Access mode for iOS app

Latest

A humbling week for bond bears

Towards the end of January, UBS asked the question that mattered most for global markets: “Bond bears come out of hibernation, but is...

Roblox players suffer through game platform’s third day offline

 Roblox offers young players access to millions of games.RobloxRoblox has been down for nearly three days, leaving millions of young players of the online...

Strong Australia- Japan ties may cast over China’s global ambitions in Indo-Pacific

The growing closeness between Australia and Japan, which are on the flanks of China’s backyard the South China Sea and the East China...

How to become a successful Nutritionist?

With the surge in lifestyle diseases owing to numerous behavioural risk factors, the demand for nutritionists is skyrocketing globally. In addition, people have become...
See also  Dune director Denis Villeneuve on HBO Max and sequel: 'A crazy way to do things'