Billie Eilish malware attacks 15 000 SA users 

Read time 2min 20sec

Cyber criminals are actively abusing the names of artists and songs nominated in Grammy awards in order to spread malware.

Kaspersky technologies detected a 39% rise in attacks - attempts to download or run malicious files - under the guise of nominees’ work in 2019, compared to 2018.

“Even in the age of streaming services, music is not free from malicious activity: criminals use popular artists’ names to spread malware hidden in music tracks or video clips,” says Kaspersky.

With the Grammy’s being the biggest music awards of the year,  to show the extent of the problem Kaspersky researchers analysed Grammy 2020 nominated artists’ names and song titles for malware. 

As a result, Kaspersky found a total of 30 982 malicious files that used the names of artists or their tracks in order to spread malware, with 41 096 Kaspersky product users having encountered them.

Analysis of the nominated artists showed that Ariana Grande, Taylor Swift and Post Malone were used the most to disguise malware, with over half of detected malicious files named after them.

However, according to Kaspersky, the connection between the rise in popularity and malicious activity is evident in the case of newer artists such as Billie Eilish. The teenage singer became extremely popular last year, and the number of users who downloaded malicious files with her name has risen almost tenfold compared to 2018. In South Africa, malware disguised as Billie Eilish songs accounted for only 205 in 2018, while 2019 saw this number increased to 15 354.

Anton Ivanov, Kaspersky security analyst, said attackers are always trying to capitalise on what is popular. Music, as well as TV shows, remains one of the most popular types of entertainment and, as a result, an attractive way to spread malware.

“However, as we see more and more users subscribing to streaming platforms, which do not require file download in order to listen to music, we expect that malicious activity related to this type of content will decrease,” he adds.

To avoid falling victim to malicious programs pretending to be popular music files, Kaspersky advises users to opt for reputable music download services and avoid suspicious links promising exclusive music content. 

“Also, look at the downloaded file extension. Even if you are going to download an audio or video file from a source you consider trusted and legitimate, the file should have an mp3, .avi, .mkv or .mp4 extension among other music and video formats, definitely not .exe or .lnk,” he adds.

Login with