Heimdal
article featured image

Contents:

The waiting is over! After being postponed for almost a year because of the COVID-19 pandemic, Marvel’s Black Widow film is finally released in movie theatres and online streaming platforms.

Unfortunately, Marvel Universe fans are not the only ones excited, with the Black Widow movie release getting the attention of multiple scammers and cybercriminals.

According to a research conducted by cybersecurity company Kaspersky, threat actors have been illegally monetizing interest in the new flick for months.

Black Widow-themed Phishing Websites Created to Steal Users’ Credentials

While the movie is yet to be released in some countries, cybersecurity researchers have identified malicious files under the appearance of the new Black Widow movie that are already circulating all over the internet.

In order to determine the extent of scamming involving the release, Kaspersky specialists analyzed malicious files posing as the new Black Widow film. According to the company, several Black Widow-themed phishing websites are operating to steal user credentials.

Some of the users were promised to watch an early preview on one of the websites analyzed by the security researchers but in order to get that they had to register to that specific website.

During the registration process, users were asked to enter their credit card details to confirm their residence region. Afterward, they saw that money was debited from their card while they still didn’t get complete access to the movie.

Researchers noticed spikes in endeavors to infect users that occurred simultaneously with the dates on which the movie was announced and its launch dates.

black widow malware scam

Source

They found this incline in infection attempts initially after the movie’s official announcement back in May 2020, around its original release date of November 2020, and the latest in May 2021.

black widow malicious attempt

Source

At two different points during the past year, infections attempts took place on 13% of streams and downloads associated with the Black Widow movie.

Right now, we have observed intensified scamming activities around Black Widow, the release of which, fans all over the world have been eagerly anticipating for a long time. In their excitement to watch the long-awaited movie, viewers have become inattentive to the sources they use, and this is exactly what fraudsters benefit from.

Source

Kaspersky security expert Anton V. Ivanov said:

Big movie releases have always been a source of entertainment but they are also an attractive lure for cyber-criminals to spread threats, phishing pages, and spam letters.

How to Stay Protected

Hackers don’t use only phishing websites to trick unsuspicious users but also diverting executable files claiming them to be movie downloads. In order to stay protected, look out for files that have a .EXE or .MSI extension, because movie files usually have .MP4, .AVI, .MOV, .WMV, or .M4P extensions.

Furthermore, be careful with the website’s address you have to access in order to watch or download the film. Check the address twice to eliminate any foul play, as cybercriminals frequently make small changes to the domain or movie name.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE