With more people staying home and consuming Netflix and Disney + content, come more malware and trojan attacks.

When it comes to disguising malicious files under the names of popular streaming platforms and their content, cybercriminals most frequently use Netflix and The Mandalorian (a Disney + original) as a lure.

Between January 2019 and April 8, 2020, more than 5,000 users of Kaspersky cybersecurity software were exposed to various threats while attempting to gain access to Netflix via unofficial files that used the latter’s name. In total, more than 22,000 infection attempts using Netflix as a lure were detected.

When it comes to original shows on streaming platforms, The Mandalorian was the show most frequently exploited by malicious users, with a total of 1,614 users exposed this way, and 5,855 infection attempts registered.

No streaming fan is safe

With the growing popularity of streaming services, these platforms—and the original content they offer—are increasingly exploited by cybercriminals as a way to launch various attacks. These range from phishing attacks aimed at collecting account credentials and financial information, to using the names of these platforms and their shows as a lure to trick users into downloading various threats, including adware and malware.

With this in mind, Kaspersky researchers examined the cyberthreat landscape of five major streaming platforms (Hulu, Disney +, Netflix, Apple TV Plus, Amazon Prime Video) from January 2019 to April 8, 2020. A total of 5,577users were found to have been exposed to various threats while attempting to gain access to these platforms through unofficial means via files that used the names of these platforms as a lure, with the greatest number using Netflix as target.

In total, there were 23,936 attempts to infect these users with various threats.

Graph depicting the number of unique users that encountered various threats containing the names of popular streaming platforms while trying to gain access to these platforms through unofficial means

Kaspersky researchers also examined the cyberthreats associated with original content on these platforms. Upon examining 25 original shows across the five platforms above, they found that the five shows used most frequently by cybercriminals as a lure were:

  1. The Mandalorian (Disney +)
  2. Stranger Things (Netflix)
  3. The Witcher (Netflix)
  4. Sex Education (Netflix)
  5. Orange is the New Black (Netflix)

A total of 4,502 Kaspersky users were exposed to various threats via malicious files that contained the name of one of these five shows as lure, with a total of 18,947 infection attempts registered. The greatest number came from files that contained the name The Mandalorian, a popular Disney + original, as a lure—1,614 users and a total of 5,855 infection attempts.

Cybercrooks exploiting the Streaming Wars

For both platforms and original shows, the threats most frequently encountered by users are also the most dangerous: various Trojans. These types of malicious files allow cybercriminals to do everything from deleting and blocking data to interrupting the performance of the computer. Some of the Trojans distributed were Spy Trojans—particularly dangerous malicious files that track the users’ actions on the infected device. With spyware, users are susceptible to having their personal files and photos collected, as well as login and password information for their financial accounts.

Said Anton Ivanov, malware analyst, Kaspersky:“The so-called ‘streaming wars’ have only just begun, and as the popularity of these platforms grows, so too will the attention they receive from malicious people. This is particularly true since many of the platforms are experiencing unprecedented growth as a result of stay-at-home orders and employees being forced to work from home. While users may be tempted to search for alternative methods of watching their favorite content online rather than paying for another subscription, to stay safe, the best option is always to access the platforms and their shows via official sources.”