Joker was the hottest film among cybercriminals with 304 malicious files named after Batman’s arch-nemesis, says security firm Kaspersky.

Cybercriminals love to take advantage of current trends, fads, and news items to try to trick people into downloading malware. And with the 92nd Academy Awards on Sunday, what better topic than the latest nominees. Criminals have been pushing malicious downloads that pretend to be Oscar-winning films in hopes of attracting people who want to catch one of them for free, according to a report released Thursday by Kaspersky.

Looking at malware inspired by the Oscars, researchers at Kaspersky discovered more than 20 phishing websites and 925 malicious files that were presented as free movies. The cinematic cybercriminals also have set up Twitter accounts to distribute links to their malicious files.

The phishing sites and Twitter accounts try to entrap potential victims by asking them to perform certain tasks to snag the movie. In many cases, users are asked to fill out a survey in which they share personal details. In some cases, they’re prompted to install adware. In other cases, they’re even asked to provide credit card information.

phishing-website-gathering-credit-card-details-kaspersky.png
An example of a phishing website gathering credit card details.Kaspersky

For its research, Kaspersky analyzed malicious content masquerading at nominated films during the first four weeks after the public premiere of the film. Joker was the most popular film among cybercriminals with 304 malicious files named after it. 1917 came in second with 215 associated malicious files, leaving The Irishman in third place with 179 malicious files, and Once Upon a Time in Hollywood with just over 150 files.

malware-nominated-films-kaspersky.png
The number of malicious files detected by Kaspersky products under the guise of nominated films.Kaspersky

Most of the malicious files popped up during the third or fourth week after the theatrical release of a film, though some appeared even before the premiere.

“Cybercriminals aren’t exactly tied to the dates of film premieres, as they are not really distributing any content except for malicious data,” Anton Ivanov, Kaspersky malware analyst, said in a press release. “However, as they always prey on something when it becomes a hot trend, they depend on users’ demand and actual file availability. To avoid being tricked by criminals, stick to legal streaming platforms and subscriptions to ensure you can enjoy a nice evening in front of the TV without having to worry about any threats.”

To avoid being a victim of malware hiding as popular films or TV shows, Kaspersky offers the following tips:

  • Pay attention to the official movie release dates in theaters, on streaming services, TV, DVD, or other sources.
  • Don’t click on suspicious links, such as those promising an early view of a new film. Check and keep track of movie release dates in theaters.
  • Check the website’s authenticity. Do not visit websites that let you watch a movie until you’re sure they’re legitimate and start with https. Confirm that the website is genuine by double-checking the format of the URL or the spelling of the company name, reading reviews about it, and checking the domain’s registration data before starting downloads.
  • Look at the downloaded file extension. Even if you’re going to download a video file from a source you consider trusted and legitimate, the file should have an .avi, .mkv, .mp4 extension, or those of other video formats, and definitely not .exe.
  • Use a reliable security solution for comprehensive protection from a wide range of threats.