The eighth and final season of Game of Thrones saw a spike in related cybercriminal activity, according to Kaspersky Lab researchers.
The premiere of each episode was accompanied by a long tail of attacks targeting users who were trying to download the newly released episode. Instead of getting the latest episode, fans received malware disguised behind the name of the show.
Some episodes proved significantly more toxic than others, with the third episode triggering the highest number of detected attempts to attack users, reaching 3,000 attacks a day at its peak.
Experts expect the release of the concluding episode to attract further attacks from scammers as malware distributors start offering potential viewers access to the complete season.
Overall, after tracking associated malicious activity through the entire eighth season, Kaspersky Lab researchers have found that the average daily number of attacks on users that involved malware disguised as an episode of Game of Thrones, was around 300-400. This number jumped to around 1,200 for the three to four days following the release of each new episode: a three to four-fold increase in malicious activity.
Another attack vector associated with Game of Thrones is streaming-websites that invite users to watch newly released Game of Thrones episodes for free, but which are actually designed to extract sensitive data from users.
Typically, the online-player icon shows a scene from the TV show and redirects the victim to a registration page, later asking for bank card details with the CVC/CVV-code, claiming it is only for validation purposes.
Researchers have pointed out the similarities between this scheme and recent scams surrounding the latest Avengers movie.
“We see shared TTPs (tactics, techniques and procedures) across the phishing websites where scammers try to steal users’ details by promising a pirated movie before its official premiere. We believe there is a certain group of threat actors that methodically hunts fans of popular movies and TV productions, adjusting schemes dynamically according to pop-cultural happenings,” said Tatyana Sidorina, security researcher at Kaspersky Lab.