Skip to main content

Downloading Marvel’s Black Widow online could get you malwared

Cyber security veteran Kaspersky has warned that cyber criminals are intent on leveraging and exploiting the popularity of the recently-released Marvel film Black Widow to infect devices with various kinds of malware.

Starring the likes of Scarlett Johansson, Robert Downey Jr., Rachel Weisz, and Florence Pugh, Black Widow premiered simultaneously in cinemas and on Disney+ Premier Access last Friday. The much-anticipated film from Marvel took a long time to arrive, with restless fans across the globe waiting since at least May last year to get their first glimpse of the film.

Now we all know how this works. As soon as popular movies premier, their pirated copies are made available to download or sold online via dubious websites that disappear quickly after bagging a bounty. Free copies of popular movies are also made available on Dark Web forums and zipped copies are distributed worldwide through popular social media channels.

The fun doesn’t end there. Popular and big-budget movies are also a big draw for cyber criminals and online scamsters. According to Kaspersky, scamsters have been awaiting the release of Marvel’s Black Widow with as much anticipation as fans across the globe. And it has evidence to support the claim.

Black Widow was initially slated for release in May last year. However, the pandemic forced Marvel to reschedule it to November, then to May, and finally to July this year. Kaspersky noticed tell-tale signs of cyber criminals setting up phishing websites designed to steal viewers’ credentials and dangling malicious files disguised as the new Black Widow movie centered around these release dates.

Number of attempts to infect users with files disguised as the Black Widow movie (Source: Kaspersky)

The first spike in these activities was observed amid the announced release dates, namely, May 1st 2020, and May 7th and July 9th 2021. Of all the attempts made to infect users with malware, 12% occurred before the initial release date in 2020, 13% in April 2021, and 9% in June 2021. Kaspersky explained how online scammers planned their game:

“In the hope of watching the long-awaited Black Widow movie, users visited a website showing the first few minutes of the film before being asked to register to continue watching. During the registration, to confirm their region of residence, victims were asked to enter their bank card details. After some time, money was debited from their card, and as expected, the film did not continue to play. This type of phishing is widespread and considered to be one of the most popular among scammers,” the firm said when explaining one of the tactics.

An example of a phishing website offering to stream Black Widow (Source: Kaspersky)

Anton V. Ivanov, a security expert at Kaspersky, says that big movie releases have always been a source of entertainment but they are also an attractive lure for cybercriminals to spread threats, phishing pages, and spam letters.

“Right now, we have observed intensified scamming activities around Black Widow, the release of which, fans all over the world have been eagerly anticipating for a long time. In their excitement to watch the long-awaited movie, viewers have become inattentive to the sources they use, and this is exactly what fraudsters benefit from. These attacks are preventable, and users should be alert to the sites they visit,” he says.

Kaspersky advises that Internet users should check the authenticity of websites before entering personal data and only use official, trusted web pages to watch or download movies. They should also pay attention to the extensions of files they are downloading as video files do not have .exe or .msi extensions.

Internet users should also use reliable security solutions that identify malicious attachments and block phishing sites and should avoid clicking on links that promise early viewings of content, the firm adds.

Also Read: Hackers using fake streaming site to distribute BazaLoader malware dropper


All rights reserved Teiss Recruitment Ltd.