Security researchers at Kaspersky have found hundreds of sites hosting bundles of malicious software, presented as free downloads of this year's Oscar-nominated movies. They also discovered a slew of phishing sites that tricked users into entering confidential information and even credit card details, using films including 1917 and Jojo Rabbit as bait.
With the Oscars awards ceremony due to take place on February 9, criminals are exploiting people's increased interest in the nominees for Best Picture. According to Kaspersky's report, Joker was the movie most commonly used to lure victims into downloading malware and handing over their bank details.
- Protect yourself with the best antivirus software
- Already infected? Here are the best malware removal tools
- Watch movies legally with the best streaming services
Malicious downloads typically start to appear around the time movies arrive on real streaming sites, as people start searching for other ways to watch them online.
"Cybercriminals aren’t exactly tied to the dates of film premieres, as they are not really distributing any content except for malicious data,” said Kaspersky malware analyst Anton Ivanov.
"However, as they always prey on something when it becomes a hot trend, they depend on users’ demand and actual file availability. To avoid being tricked by criminals, stick to legal streaming platforms and subscriptions to ensure you can enjoy a nice evening in front of the TV without having to worry about any threats."
Oscar bait
The best way to protect yourself from such malware attacks is to play by the rules, and only stream movies from legitimate sites and services such as Netflix, Amazon Prime Video, Hulu or Disney+ (we've assembled a guide to all the best streaming services to help you choose).
Before trying a new site or service, do some research to check that it's legitimate, and remember that if it seems too good to be true, it almost certainly is.
Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.
Sign up to be the first to know about unmissable Black Friday deals on top tech, plus get all your favorite TechRadar content.
Phishing websites can be hard to spot, and are sometimes nearly identical to the sites they're impersonating. Always take a good look at the address bar to see which domain you're actually on, and don't click links from unknown sources in emails (instead, visit the site directly by typing its URL).
Cat is TechRadar's Homes Editor specializing in kitchen appliances and smart home technology. She's been a tech journalist for 15 years, and is here to help you choose the right devices for your home and do more with them. When not working she's a keen home baker, and makes a pretty mean macaron.
Phison unleashes 122.88TB '128TB-class' SSD that delivers PCIe Gen5 performance but we will have to wait till Q2 2025 for a proper review: D205V could rival the Crucial T705 on tests
Attackers retain old scamming tricks with new twists — and consumers must stay informed to protect themselves
NYT Connections today — hints and answers for Sunday, November 24 (game #532)