Joker defeats 1917 to win Most Dangerous Movie award

The 92nd Academy Awards will take place on February 9. We know who and what was nominated for an Oscar, but the winners remain a well-kept secret. Apart from one. As for the Most Dangerous Movie Award, that winner has already been revealed. Barely beating the other nominees, including 1917 and The Irishman, the winner is: Joker.

And the loser is …

You might not think that there is much danger when it comes to the annual Academy Awards, but you are wrong. Forget politics, online arguments and trolling; the danger is perhaps there surprisingly in terms of cybercrime. I say maybe because, for those who work in the cybersecurity industry, nothing could be more predictable than the trending media story of the moment being hijacked by criminals to spread malware. In such cases, the loser is the one whose guard drops for a moment.

Most recently, it was the Super Bowl LIV Finals that caught the attention of hackers who compromised the social media accounts of the ultimate winners, the Kansas City Chiefs, their opponents the San Francisco 49ers and the NFL she -same.

In the realm of Hollywood entertainment, rather than sports, we’ve seen how Google searching for Star Wars: The Rise of Skywalker could turn out to be a costly mistake. In the case of this Star Wars movie, over 30 scam websites and social media profiles were masquerading as official movie accounts to scam visitors or spread malware.

Kaspersky researchers, tasked with uncovering Star Wars statistics, took another look at the interest in cybercrime around Hollywood. This time around, that applies to the films that were nominated for an Oscar for Best Picture at the 92nd Academy Awards this weekend.

And the winner is…

According to these Kaspersky researchers, a total of 925 malicious files have been detected among the threats aimed at attracting moviegoers and Oscar enthusiasts. These files were specially created to appeal to anyone interested in the Oscars by promising, for example, to provide free access to the movies on this Best Pictures list. The first of the lot, and therefore the winner of the Most Dangerous Movie award, was Joker. Something favorite in the cybercriminal world, the Joker franchise had once been used as a name for both an infamous dark market selling stolen data and malware that infected half a million Android smartphones in 2019.

Kaspersky has now revealed that Joker is the name associated with a total of 304 of the 925 malicious files he has discovered. Lagging behind second place, 1917 with 215 malicious files, and The Irishman came third in that dishonorable awards category with 179. Interestingly, the first South Korean film to earn a nomination for Best Picture, Parasite, no. ‘had no malicious activity. associated at the time of the search. Knowing the propensity of these menacing actors to embark on a trend, it wouldn’t surprise me if that changes before the awards ceremony itself, and certainly not long afterwards if Parasite were to confuse the experts and win.

The bigger picture

In total, Kaspersky discovered more than 20 phishing websites and Twitter accounts attacking visitors with the lure of the 92 Oscar nominees. This lure, predictably, being the offer of a chance to broadcast the film in question for free. Equally predictable were the methods used to collect data while paving the way for that free movie ticket: bogus polls, adware, and the need to take credit card details as proof of age among them. Even if the star-struck bargain hunter accepted one or all of these requests, this free movie would never be available at the end of the process.

Kaspersky also explored the relationship between the availability of films and the appearance of illegal copies and the malicious activity associated with them. After the general theatrical release, he said, some films were found to not exhibit such malicious activity online. However, as soon as the film started airing on Netflix, things changed. It wasn’t true in all cases, but whenever a movie became a hot trend, you could be sure that cybercriminals were in the forefront. “Cybercriminals aren’t exactly tied to movie premiere dates because they don’t really distribute content except malicious data,” said Anton Ivanov, a Kaspersky malware analyst, “however, because they always tackle something when it becomes a hot trend, they depend on user demand and actual file availability. “

The Cyber ​​Security Professional, Part-Time Film Reviewer, Opinion

“As I work in cybersecurity and spend my free time previewing movies, I think I have a pretty unique take on this world,” said Tyler Reguly, head of research and development. on security at cybersecurity company Tripwire: “When I get a new movie from a studio, I’m always amazed at how many people want me to share a copy with them.” Considering this “I want it for free” attitude, Reguly finds it hard to be sympathetic when people are compromised after trying to steal a movie. “We talk all the time about acceptable risk and threat avoidance or mitigation,” he said. Reguly said, “People who hack content throw these concepts out the window.” He’s right, because it’s not exactly a secret that pirate sources are also often plagued with malicious content. get some ch dare for nothing is just too strong for many, it seems. “We’re always talking about user education,” Reguly continued, “most of the time those of us in the industry laugh and wonder how this could be as bad as it is.” Then, he said, “we see stories like this, where people are so reluctant to spend a few dollars to rent a movie that they’d rather risk their credit history to see the movie for free.”

Mitigation tips for moviegoers and Oscar fans

I talked to Ian Thornton-Trump, CISO at Cyjax, for advice on mitigating risks as articulated by this Kaspersky research. “Let’s take a step back and understand what’s really going on here,” says Thornton-Trump, “there’s a good chance that a movie found on a torrent site is stolen content, so clearly it could impact you. personally if you uploaded the content to a working asset. ” Beyond that risk, says Thornton-Trump, “while the content of the media file itself may be honest, the sites used to find torrents or stream torrents are going to have all kinds of bad guys ranging from popups, Trojan, unwanted programs and if you’re really unlucky a payload of ransomware. ”And all of this before considering the risk of being legally liable under various copyright infringement and piracy laws according to the where you watch the pirated movie. The mitigation tips should be obvious by now, but just in case, I’ll let Thornton-Trump explain it: “It’s just not worth the risk to your livelihood or your bank account to try to get it. this material, the consequences could be catastrophic. for your data, and that might be the least of your worries. “

Kaspersky has provided the following bulleted list of recommended security measures this awards weekend and beyond:

1. Pay attention to official movie release dates

2. Don’t click on suspicious links, such as those that promise a first viewing of a new movie

3. If you are going to download a video file from a source which you consider reliable and legitimate; the file must have an .avi, .mkv or .mp4 extension among other video formats, certainly not .exe

4. Do not visit websites that allow you to watch a movie until you are sure they are legitimate.

5. Confirm that the website is genuine, by checking the URL format or the spelling of the company name.