Spider-Man: No Way Home is without a doubt the biggest post-pandemic premiere till now. It has everything: the superheroes, the nostalgia, the action, and even its own phishing scam.
They say curiosity kills, but when it comes to Spiderman, it is used by cybercriminals to spread malware and steal banking information.
Apparently, fans are desperate to get any information or spoiler about the movie, and they’ll visit any page that can provide what they seek.
Threat actors are taking advantage of that, giving fake promises of an early look at the film or other offers that would lead to malware/trojan injection.
The phishing campaign is as big as the movie is. Spidey has a huge fanbase, which makes this a critical matter. Here’s everything we know.
An Easy Phishing – What High Emotion and Excitement Can Do
Phishing scams using high-profile names, be it social media platforms or movies, have become a key tool in the hackers’ arsenal.
Emotions and expectations can do a lot, especially in the online world. A while ago, a phishing scam involved Twitter, which also played on the users’ emotions – mostly fear. Another involves US cable provider Verizon, where curiosity plays a huge role in the cyber attack.
Now, excitement is being exploited by threat actors as researchers at Kaspersky warned that cybercriminals are using the release of Spider-Man: No Way Home in their new malicious act.
According to the researchers, in this Spider-Man Movie phishing practice, the attackers are creating certain phishing websites that target fans of the franchise. They’re using fan art of the film’s stars to try and catch their attention as the image below reflects:
In some websites, attackers ask the users for their banking information in exchange for sneak peeks of the movie.
If they agree to the terms and submit their information, they’ll download malicious video files instead. Now, with their excitement in place, they’ll directly access the files they downloaded.
Unfortunately, these videos contain adware and trojans. Not to mention that some of them have the ability to gather and modify device data.
“Forgetting about cybersecurity, the audience is in a hurry to find out the secrets of the movie premiere, and fraudsters are using fan art and trailer cuttings as bait to make victims download malicious files and enter banking details.”
Cybercriminals can easily hide their lures using the latest technologies and techniques. However, with this flurry of Spider-Man online activity, users have made the hackers’ task even easier.
Spidey Sense Not Tingling – Malware Starts Lingering
We all know how excited users are for the new movie. However, you can’t trust any source that claims to have the answers you seek.
You should always be on the lookout, regardless of your intentions. Remember, the hackers don’t have innocent intentions – only malicious ones.
If you’re unsure of the website you’re about to visit, look the other way instantly. The Spider-Man movie phishing attack is serious. A few spoilers are not worth the risk you’re about to bestow on your personal information.