The appeal of obtaining free copies of Oscar-nominated movies is being used to distribute malware and phish user details, security researchers at the cybersecurity firm Kaspersky Lab revealed today.

The researchers discovered more than 20 phishing websites and 925 files that were presented as free movies with many being promoted by accounts on Twitter Inc.

The sites force users to carry out a variety of tasks, such as taking surveys, providing personal details, installing adware or in some cases providing credit card details in order to obtain access to a pirated copy. The catch is that no such copy exists and, in the process, those behind the sites capture user data and access they can then use for nefarious purposes.

The distribution of sites was found to also reflect interest in particular movies. “Joker,” “1917,” “The Irishman” and “Once Upon a Time … in Hollywood” were the movies most regularly targeted, whereas no sites were found to be targeting “Parasite.”

The researchers also found that many of the malicious files appeared in the third or fourth week after the release of the films, although some were distributed before the premiere.

“Cybercriminals love to use the promise of free stuff to tempt people into clicking on links or downloading malicious files,” Erich Kron, security awareness advocate at security awareness training firm KnowBe4 Inc., told SiliconANGLE. “This is another example of using the hype around an internationally recognized event such as the Oscars to lure unsuspecting people into falling for various scams, giving up personal information or downloading malware.”

Emails and social media posts of this sort can be very effective against those with a significant interest in the film industry, he added. “It is important to teach people that any email, phone call, text message or even social media post that elicits a strong emotional response should be looked at skeptically,” he said. “This is especially true when there is the promise of something for nothing.”

Tyler Reguly, manager of security research and development at cybersecurity firm Tripwire Inc., noted that it’s well-known that piracy websites are often plagued with malicious files and malvertising. “Yet people continue to visit them to save $4.99 on a movie rental or to see a film a few weeks before everyone else,” Reguly said. “It is telling about an individual that they’re willing to risk their personal information for a couple of bucks.”

Photo: Pxfuel