Turning online streaming services against users for malicious purposes is the new hack game

What’s happening?

• With lockdown still in place in many parts of the world, attackers are paying attention to the increase in the use of online streaming services and torrent downloads in a bid to capitalize themselves.
• According to Mimecast, threat actors registered over 700 domains impersonating the Netflix and Disney+ brands. The sole purpose of these websites was to steal users’ login credentials. 
• Malicious actors took advantage of pirate streaming services and movie piracy sites during the COVID-19 pandemic to infect users. In one such campaign observed, threat actors, inserted a malicious VBScript in ZIP files meant for movie downloads. 
• Avast reported a scam wherein malicious actors had set up a phony website that hyped about an ebook named ‘Pandemic Survival’. The website was tied to several well-known media brands including, CNN, People Magazine and CNBC to dupe as many people as possible.     

How to address it?

• Users should be vigilant about the phony websites that pretend to be streaming services or other well-known online media brands. 
• They should check the spellings of the URL before clicking on them. 
• Users should not be lured away by free subscriptions and offers which ultimately can lead to both personal and financial loss.