Squid Game Scams Become A New Cyber Threat
JAKARTA - It's been more than a month since the launch of the Squid Game, cybercriminals have also tricked fans of the South Korean survival drama tv series, by taking advantage of the current momentum.
Netflix's biggest series, which has managed to reap more than 111 million viewers, did not escape cybercriminals who did not hesitate to take advantage of this momentum by creating fraudulent schemes on users' online platforms.
Kaspersky experts share the latest insights on the most common and sophisticated Squid Game-related threats on the web, including Trojans, adware, to suspicious offers from selling Halloween costumes.
Don't Download Squid Game Episodes from Unofficial Sources
From September to October 2021, Kaspersky discovered several dozen different malicious files on the web, posing as Squid Game. In a number of cases analyzed, Kaspersky experts found a Trojan downloader that could install malicious programs, as well as other Trojans and adware.
One of the schemes of cybercriminals is that victims are allegedly shown an animated version of the first game in the series, and simultaneously, an invisible Trojan is launched that can steal data from various users' browser data and send it back to the attacker's server. A shortcut is also created in one of the folders, which can be used to launch the Trojan every time the system starts.
Kaspersky also discovered mobile malware exploiting the fame of Squid Game. Instead of getting the Squid Game download, the user actually downloads the Trojan.
When the application is launched on the device, it asks the control server to complete its task. This could for example be, opening a tab in the browser or sending an SMS to the number received from the control server. This Trojan is distributed on unofficial app stores and various portals under the guise of popular apps, games, books, etc.
Beware of Squid Game Costume Sales
Coinciding with the moment of Halloween, cybercriminals understand that this series will become the costume that people are most interested in. Kaspersky experts noticed that a lot of fake shops related to Squid Game started popping up.
Most of them offer the opportunity to buy costumes like the ones worn by the players in the series, and they claim to be official stores. However, when shopping on the site, users run the risk of losing their money and not getting the desired item.
In addition, users have also indirectly shared banking and personally identifiable information such as card details, including email addresses, residential addresses, and full names with cybercriminals in order to make these purchases.
Don't be tempted by games in the name of the Squid Game
In addition to the classic phishing page offering Game Squid streaming, Kaspersky has also found several pages offering to compete in the online version of the game to win the grand prize of 1000 BNB (Binance coin). Furthermore, players will not receive the promised rewards and instead end up downloading malware and even losing data.
“The Squid Game that became the new attraction was only a matter of time. Like other trending topics, cybercriminals have a good feeling about what will work and what won't. When Squid Game is growing rapidly among the public, we have seen many phishing pages that offer players costumes like in the series, to invite users to play similar games online," said security expert at Kaspersky, Anton V. Ivanov.
Needless to say, eventually the targets end up losing data, money, and even malware installed on their devices. It's very important for users to check the authenticity of the website when looking for sources to stream events or make merchandise purchases."
To avoid becoming a victim of malicious programs and online scams, Kaspersky advises users to:
- Always check the authenticity of the website before entering personal data and only use the official website to watch or download movies. Double-check the URL format and spelling of the company name.
- Pay attention to the file extensions you download, video files will never have .exe or .msi extensions.
- Use a security solution such as Kaspersky Security Cloud, which identifies malicious attachments and blocks phishing sites.
- Avoid links that promise content early viewing, and if in doubt about the authenticity of the content, contact your entertainment provider.