You definitely don’t want to play: Squid Game-themed malware is here
The stakes may not be as high as in the hit Netflix show, but you could still lose your data or identity if you fail to follow the rules for dodging the latest brand of pop-culture-themed scams.
South Korean Netflix show Squid Game has become a runaway hit, surpassing Bridgerton to become the most watched Netflix show of all time. With 111 million viewers and counting, scammers have started to smell blood in the water, Kaspersky reports, and Squid Game-themed scams and malware have begun to appear online.
Kaspersky reports that, between September and October 2021, it found several dozen malicious files on the web with Squid Game mentioned in their names. The majority of the scams were simple Trojan downloaders that installed other malicious programs, but scammers are getting creative in other ways, too.
SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)
“One of the cybercriminals’ schemes worked as follows: the victim was allegedly shown an animated version of the first game from the series, while simultaneously, a Trojan was invisibly launched that could steal data from users’ various browsers and send it back to the attackers’ server. A shortcut was also created in one of the folders, which could be used to launch the Trojan every time the system was started,” Kaspersky said in its report.
Pop culture-themed scams are becoming increasingly common, especially when the scam in question centers around media that can be downloaded. Two previous scams reported by Kaspersky involved similar pieces of media at the peak of their hype cycles: Marvel’s Black Widow film and Kanye West’s 2021 album, Donda.
Unsurprisingly, many of the scams that cybercriminals are using to target Squid Game fans are similar to those previous two, such as fake streaming websites that harvest data, or pirated episode downloads packed with malware.
Additionally, malicious Squid Game-themed apps have appeared in third-party app stores, and Kaspersky also reported Trojans being distributed in “various portals under the guise of other popular applications, games and books.”
Online games purporting to be digital versions of Squid Game with a 100 BNB (Binance Coin) prize (approximately $48,000 USD). Signing up means turning over personal data, with the end result being identity theft and a system likely infected with malware that will only collect more personal data if not found and stopped.
Fraudulent Squid Game merchandise websites that try to position themselves as an official store have also appeared. Those sites are a goldmine for cybercriminals: Not only are victims providing credit card or banking details, they’re also sharing personal identifying information like email address, a physical address for shipping, the victim’s real name and more.
“The Squid Game becoming a new hit lure was just a question of time. As with any other trending topic, cybercriminals have a good hunch about what is going to work and what isn’t … It’s extremely important for users to check the authenticity of websites when looking for a source to stream the show or to buy some merch,” said Kaspersky security expert Anton V. Ivanov.
Kaspersky said it recommends double-checking website URLs before opening a page or clicking on a link. Look for subtle misspellings or substituted characters, be mindful to ensure HTTPS:// precedes the URL to indicate a secure connection and check to be sure that a link you hover over matches the URL you would expect.
SEE: Security incident response policy (TechRepublic Premium)
In addition to being mindful of URLs, be sure that any files you’re downloading aren’t suspicious: Videos will never end with .EXE, .PKG, .DMG or .MSI. Those all indicate the file is an executable that could install malware.
Also be sure to have a reliable anti malware solution installed on your computer or mobile device. Better yet, only watch shows like Squid Game on their official sites and don’t buy merchandise if the website is slightly dubious in any way.