Attackers eye popular streaming services

Staff Writer
By Staff Writer, ITWeb
Johannesburg, 21 Jul 2020

Popular streaming service Netflix, as well as The Mandalorian, a Disney + original series, are the most popular lures used by attackers to disguise malicious files.

This is according to research by Kaspersky Labs, that also revealed that between January 2019 and 8 April this year, over 22 000 infection attempts were detected that used Netflix as a lure.

African countries were also targeted, with Kenyan users seeing 242 attacks disguised as Netflix, South Africans with 117, Nigerians with 77, Ethiopians had 27 and Egyptians topping the list with 264.

Moreover, researchers saw attempts to distribute malware covered with local platforms names, such as Showmax (61 attempts) across the region too.

Streaming services are growing in popularity, and are catching the attention of bad actors as a means to launch a variety of attacks. These could include phishing attacks aimed at collecting account credentials and financial information, as well as using the names of these services and their shows as a way to trick users into downloading threats such as Trojans, spy Trojans, adware and malware.

Researchers from Kaspersky scrutinised the cyber threat landscape of five major streaming platforms - Hulu, Disney +, Netflix, Apple TV Plus, and Amazon Prime Video over the same time period, and found 23 936 attempts to infect users of these services, and were attempting to gain access to these platforms through unofficial means via files that used the names of these platforms as a lure, with the Netflix as the most popular target.

Top targets

The researchers also looked at cyber threats associated with original content on these platforms. Upon examining 25 original shows across the five platforms above, they found that the five shows used as lures most often by malefactors were The Mandalorian, Stranger Things, The Witcher, Sex Education, and Orange is the New Black, in that order. All but The Mandalorian were on Netflix, although this series was most frequently exploited with a whopping5 855 infection attempts registered.

Anton Ivanov, a malware analyst at Kaspersky, says the so-called ‘streaming wars’ have only just begun, and as the popularity of these platforms grows, so too will the attention they receive from malicious users.

“This is particularly true since many of the platforms are experiencing unprecedented growth as a result of stay-at-home orders and employees being forced to work from home. While users may be tempted to search for alternative methods of watching their favourite content online rather than paying for another subscription, to stay safe, the best option is always to access the platforms and their shows via official sources,” says Ivanov.

To avoid falling victim to these threats, Kaspersky advises users only access streaming platforms via their own, paid subscription on the official Web site or app from official marketplaces, and to not download any unofficial versions or modifications of these platforms’ applications. In addition, it says to use different, strong passwords for each account, and employ a reliable security solution that delivers advanced protection on all devices.