The malware behind BAFTA winners ‘Nomadland’ and ‘Promising Young Woman’
April 2021 by Kaspersky
Since March 2020, Kaspersky observed that 106 users were subjected to infection attempts using files with various threats disguised as best film nominees. Researchers found that “The Mauritanian” was the most popular bait among cybercriminals, with 22 affected users in total. Cinematography winner “Nomadland” and Original Screenplay winner “Promising Young Woman” were joint second in this rating, with 17 infected users each.
The number of unique users targeted by malware associated with nominated films
In addition, Kaspersky researchers discovered 83 files targeted with malware associated with nominated films. “Promising Young Woman”, “The Mauritanian” and ‘The Trial of Chicago” all received the highest number for most targeted files, with 15 subjected to malware in total. “Limbo” and “Mogul Mowgli” were safer in comparison to the nominees listed.
The percentage of unique files targeted by malware associated with nominated films Kaspersky experts also found phishing pages in Chinese for Cinematography winner Nomadland.
A phishing website related to Nomadland
“Films have always been popular baits to spread threats and perform phishing campaigns. Today we have discovered some interest from threat actors around the most popular films at that moment, like Nomadland and Promising Young Woman. It appears that these popular films are attracting not only viewers around the world, but also cybercriminal interest,” comments Kaspersky security expert Anton V. Ivanov.
In order to avoid falling victim to a scam, Kaspersky advises that users:
• Check the authenticity of websites before entering personal data and use only official webpages to watch films, series’ and shows. Double-check URL formats and company name spellings.
• Pay attention to the extensions of the files that you are downloading. A video file will never have an .exe or .msi extension.
• Use a reliable security solution Kaspersky Security Cloud that identifies malicious attachments and blocks phishing sites.
• Avoid links promising early viewings of content, and if you have any doubt about the authenticity of content check it with your entertainment provider.