Security Market Segment LS
Tuesday, 24 December 2019 15:47

Attackers use release of last Star Wars film to try their standard tricks

Attackers use release of last Star Wars film to try their standard tricks Courtesy Kaspersky

Researchers from security firm Kaspersky have found more than 30 fraudulent websites claiming to offer free downloads of the last Star Wars film, which opened on 19 December, but actually harvesting users' credit card data while they register for the expected free download of the film.

The company said the names of these sites were styled to appear genuine and contained plenty of data about Star Wars: The Rise of Skywalker to give the impression that they were kosher.

The practice of adopting names that appear to be genuine called black SEO and it allows criminals to promote phishing sites so that they appear at the top of search results, when people search for "name_of_film watch free" and the like.

To make the bogus website appear legitimate, the people behind them also set up Twitter and other social media accounts and used them to distribute links to the content. Kaspersky researchers said they had found that so far 83 users had been affected by 65 malicious files disguised as files of the film.

"It is typical for fraudsters and cyber criminals to try to capitalise on popular topics, and ‘Star Wars’ is a good example of such a theme this month. As attackers manage to push malicious websites and content up in the search results, fans need to remain cautious at all times," said Kaspersky security researcher Tatiana Sidorina.

star wars twitter

Screenshot of a fake Star Wars-related account on Twitter distributing malware-ridden files. Courtesy Kaspersky

"We advise users to not fall for such scams and instead enjoy the end of the saga on the big screen."

Apart from phishing, attackers also use files with names similar to those of films to spread malware.

"In 2019, Kaspersky detected 285,103 attempts to infect 37,772 users seeking to watch movies of the renowned space-opera series, signifying a 10% rise compared to last year," the company said.

"The number of unique files used to target the users amounted to 11,499 - a 30% drop on last year. The data shows that even years after the film’s premiere, a significant number of users will still seek to download malicious files in the hope of watching the famous space adventures free."

The company offered the following advice to fans:

  • Pay attention to the official movie release dates in theatres, on streaming services, TV, DVD, or other sources;
  • Don’t click on suspicious links, such as those promising an early view of a new film; check film release dates in the cinema and keep track of them;
  • Look at the extension of any file you are planning to download. Even if you are going to download a video file from a source you consider trusted and legitimate, the file should have an .avi, .mkv or .mp4 extension among other video formats, definitely not .exe; and
  • Check the website’s authenticity. Do not visit websites allowing you to watch a movie until you are sure that they are legitimate and start with "https". Confirm that the website is genuine, by double-checking the format of the URL or the spelling of the company name, reading reviews about it and checking the domains’ registration data before starting downloads.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments