Crooks are exploiting the popularity of the Star Wars saga to monetize their efforts, experts warn of online streaming sites delivering malware.

Cybercriminals leverage popular movies like Star Wars to lure users into downloading malware to watch exclusive scenes or the full movie.

Experts at Kaspersky have analyzed some threats that exploit the new Star Wars movie The Rise of Skywalker as bait for unaware users.

Just before the official release, on December 20, cybercriminals have flooded social networks and the internet with rogue websites and files offering previews of the ‘The Rise of Skywalker’ movie and free steams.

“Public attention on “Star Wars: The Rise of Skywalker,” which premieres December 19, is already attracting cybercriminals . Kaspersky researchers found over 30 fraudulent websites and social media profiles disguised as official movie accounts (the actual number of these sites may be much higher) that supposedly distribute free copies of the latest film in the franchise.” reads a press release published by Kasperky. “These websites collect unwary users’ credit card data, under the pretense of necessary registration on the portal.”

Crooks set up websites that look like related to the official movie, the websites are designed to deliver the malware or for phishing purposes. Victims are instructed to make a registration or to download executable to access to the exclusive streams.

Crooks used a network of social media profiles where they distribute links to free pirated copies of the new movie. Cybercriminals also flooded file-sharing platforms with malicious files.

Kaspersky experts discovered more than 30 fake and infected streaming sites and social media pages which are advertised as the official pages of the movie. They also spotted around 65 malicious files disguised as the copies of the movie. Kaspersky experts.

“It is typical for fraudsters and cybercriminals to try to capitalize on popular topics, and ‘Star Wars’ is a good example of such a theme this month,” said Tatiana Sidorina, security researcher at Kaspersky. “As attackers manage to push malicious websites and content up in the search results, fans need to remain cautious at all times. We advise users to not fall for such scams and instead enjoy the end of the saga on the big screen.”

The following table shows “Star Wars”-themed malware attacks.

2018 2019 Change Attacks detected 257,580 285,103 +10% Number of unique files 16,395 11,499 -30% Users targeted 50,196 37,772 -25%

Attackers leverage ‘black SEO‘ tactic to push the malicious websites, the domains used in the campaign have the official name of the movie and provide thorough descriptions and supporting content.

Using this trick the malicious websites rank higher on popular search engines so that they appear everytime users search for the name of the movie.

The experts warn that the campaign is still active at the moment, crooks are adding new titles of movies and TV-series to the rogue websites.

To avoid falling victim to such kind of scams Kaspersky recommends taking the following steps:

Pay attention to the official movie release dates in theaters, on streaming services, TV, DVD, or other sources

Don’t click on suspicious links, such as those promising an early view of a new film

Look at the downloaded file extension. Even if you are going to download a video file from a source you consider trusted and legitimate, the file should have an .avi, .mkv or .mp4 extension, among other video formats, definitely not .exe

Check the website’s authenticity. Do not visit websites allowing you to watch a movie until you are sure that they are legitimate and start with ‘https.’ Confirm that the website is genuine by double-checking the format of the URL or the spelling of the company name, reading reviews about it and checking the domains’ registation data before starting downloads

Use a reliable security solution, such as Kaspersky Security Cloud, for comprehensive protection from a wide range of threats

Pierluigi Paganini

(SecurityAffairs – Star Wars, hacking)