Pirate versions of Oscar-tipped movies come with malware, research warns

Many movie fans, eager to watch the best films of the year but unwilling to pay to go to a cinema or use a legal streaming service, are pirating them. Unfortunately, they’re also downloading malware.

Cybersecurity researchers from ReasonLabs say in a new report that film pirates are as per usual showing a huge interest in movies, lined up for nominations at the 95th Academy Awards, set to be held Sunday night.

Pirates are vacuuming up titles such as All Quiet on the Western Front (available on Netflix) or The Banshees of Inisherin (on Disney+). Most of the other films are available to buy or rent for just a few dollars on platforms such as Apple TV or Google Play.

Cyber attackers know perfectly well how to leverage piracy. Movie fans are usually so desperate to watch a popular film that they do not care where they get the content from – the problem is they also usually end up downloading malware.

“The data shows thousands of instances of threats including Trojans, malware, infostealers, spyware, keyloggers, and more, inside files claiming to be one of the films that received top nominations,” said Dana Yosifovich, security researcher at ReasonLabs.

Perhaps unsurprisingly, the research shows an alignment between the number of infected films and that of nominations they received.

Top Oscar-nominated movies infected with malware. Courtesy of ReasonLabs.

For instance, Everything Everywhere All at Once, an inexplicable dive into a rabbit hole of parallel realities, has a total of 11 nominations and also the most infected files. It is the front-runner to win Best Picture at the Oscars – and infected files on pirated versions were found to contain a malicious extension that steals a victim’s passwords.

In fact, one could even use malware as a benchmark to detect which film cyber crooks are picking as their personal favorite to win the Best Picture gong: threat actors are infecting pirated copies of their pick with malware because they know downloads of said film will multiply after the winner has been announced.

Research also showed that other movies up for Best Picture – Avatar: The Way of Water and Top Gun: Maverick – are displaying large numbers of cyber threats.

For example, lurking in downloaded files claiming to be Oscar-nominated movies, one form of spyware steals the unsuspecting user’s personal documents such as .doc, .xls,.xlsx, .docx, and .pdf.

Yosifovich also urges users to avoid trojanized subtitle files, as they pose a major threat: “Even if the movies users are downloading do not contain some kind of executable, the subtitle files might be.”

Online piracy is prevalent worldwide despite being obviously illegal. In fact, a recent study by MUSO, a data company analyzing unlicensed media consumption, found that the number of visits to online piracy sites in 2022 increased by more than 20% compared to the previous year.

Some think this trend may be explained by subscription fatigue: popular shows and movies are split between so many streaming services, and signing up to them all is simply too costly.

Some users opt for password sharing – a practice Netflix is trying to stop – but others choose outright piracy, the digital version of which costs the US economy at least $29 billion in lost revenue each year, according to the Motion Picture Association.

More from Cybernews:

Home data spills bring trouble to your door, experts warn

ChatGTP is coming to Slack to make your work life easier

Ransomware attack spreads chaos at a major hospital in Barcelona

Killnet leader urges cyberattack on German arms maker Rheinmetall

Meta on course for thousands more layoffs in further efficiency push

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked