The Scammer Force is Strong with Star Wars: The Rise of Skywalker

Phishers are using “black SEO” to lure users in to malicious downloads masquerading as the latest Star Wars movie.

Whenever the internet lights up in anticipation of anything, there are fraudsters and scammers waiting in the wings to take advantage of it. This week’s premiere of Star Wars: The Rise of Skywalker is no exception, with cybercriminals eyeing one of the world’s most beloved franchises as rich fodder for phishing attempts.

Researchers at Kaspersky ran a scan of the web this week and have found more than 30 phishing sites and malicious social-media profiles disguised as official movie accounts. The actual number of these kinds of sites, of course, could be much higher.

These are mainly claiming to distribute free, pirated copies of the film. While that’s a dubious claim that any adult should discount as an offer too good to be true, cybercriminals are mounting a full-scale “black SEO” effort to convince internet denizens otherwise, researchers said. Call it the Dark Side of site optimization.

“The domains of websites used for gathering personal data and spreading malicious files usually copy the official name of the film and provide thorough descriptions and supporting content, thereby fooling users into believing that the website is, in some way, connected to the official film,” Kaspersky explained in research issued on Thursday and shared with Threatpost. “Such practice is called ‘black SEO,’ which enables criminals to promote phishing websites high up in search engine results (such results often show up for search terms such as ‘name-of-the-film watch free’).”

To reinforce the perception that these sites are legit, scammers will also set up Twitter and other social-media accounts to promote and distribute links to the content.

“Coupled with malicious files shared on torrents, this brings the criminals results,” according to the research. “So far, 83 users have already been affected by 65 malicious files disguised as copies of the upcoming movie.”

They added, “In addition to spreading malicious files, the sites often collect credit card data, under the pretense of necessary registration on the portal.”

Overall in 2019, researchers detected 285,103 attempts to infect 37,772 users seeking to watch Star Wars movies in general, which is a 10 percent increase year-over-year.

Star Wars is only the latest pop-culture phenomenon that fraudsters have piggybacked on. During the World Cup last year, fans looking for info on top soccer stars, such as Cristiano Ronaldo and Lionel Messi, often found themselves landing in malicious penalty zones. The hat-trick of nefariousness involved dubious messages promoting free tickets to the tournament (and who wouldn’t want an all-expenses paid trip to a match?); emails containing news and highlight reels about World Cup teams and players, along with malicious attachments and links; and scams claiming to offer free live streams of the action in return for filling out a survey or installing software.

“It is typical for fraudsters and cybercriminals to try to capitalize on popular topics, and ‘Star Wars’ is a good example of such a theme this month,” said Tatiana Sidorina, security researcher at Kaspersky, in a statement. “As attackers manage to push malicious websites and content up in the search results, fans need to remain cautious at all times. We advise users to not fall for such scams and instead enjoy the end of the saga on the big screen.”

As this weekend’s premiere is likely only the beginning of a long period of fan interest in the Rise of Skywalker, Kaspersky recommended that Star Wars fans make an effort to pay attention to the official movie release dates in theaters, on streaming services, TV, DVD, or other sources; avoid links promising an early or free view of a new film; and make sure that any file downloads are not .exe files.

Suggested articles

It’s Not the Trump Sex Tape, It’s a RAT

Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.