Pirate versions of Oscar-tipped movies come with malware, research warns


Many movie fans, eager to watch the best films of the year but unwilling to pay to go to a cinema or use a legal streaming service, are pirating them. Unfortunately, they’re also downloading malware.

Cybersecurity researchers from ReasonLabs say in a new report that film pirates are as per usual showing a huge interest in movies, lined up for nominations at the 95th Academy Awards, set to be held Sunday night.

Pirates are vacuuming up titles such as All Quiet on the Western Front (available on Netflix) or The Banshees of Inisherin (on Disney+). Most of the other films are available to buy or rent for just a few dollars on platforms such as Apple TV or Google Play.

ADVERTISEMENT

Cyber attackers know perfectly well how to leverage piracy. Movie fans are usually so desperate to watch a popular film that they do not care where they get the content from – the problem is they also usually end up downloading malware.

“The data shows thousands of instances of threats including Trojans, malware, infostealers, spyware, keyloggers, and more, inside files claiming to be one of the films that received top nominations,” said Dana Yosifovich, security researcher at ReasonLabs.

Perhaps unsurprisingly, the research shows an alignment between the number of infected films and that of nominations they received.

top-movies
Top Oscar-nominated movies infected with malware. Courtesy of ReasonLabs.

For instance, Everything Everywhere All at Once, an inexplicable dive into a rabbit hole of parallel realities, has a total of 11 nominations and also the most infected files. It is the front-runner to win Best Picture at the Oscars – and infected files on pirated versions were found to contain a malicious extension that steals a victim’s passwords.

In fact, one could even use malware as a benchmark to detect which film cyber crooks are picking as their personal favorite to win the Best Picture gong: threat actors are infecting pirated copies of their pick with malware because they know downloads of said film will multiply after the winner has been announced.

Research also showed that other movies up for Best Picture – Avatar: The Way of Water and Top Gun: Maverick – are displaying large numbers of cyber threats.

ADVERTISEMENT

For example, lurking in downloaded files claiming to be Oscar-nominated movies, one form of spyware steals the unsuspecting user’s personal documents such as .doc, .xls,.xlsx, .docx, and .pdf.

Yosifovich also urges users to avoid trojanized subtitle files, as they pose a major threat: “Even if the movies users are downloading do not contain some kind of executable, the subtitle files might be.”

Online piracy is prevalent worldwide despite being obviously illegal. In fact, a recent study by MUSO, a data company analyzing unlicensed media consumption, found that the number of visits to online piracy sites in 2022 increased by more than 20% compared to the previous year.

Some think this trend may be explained by subscription fatigue: popular shows and movies are split between so many streaming services, and signing up to them all is simply too costly.

Some users opt for password sharing – a practice Netflix is trying to stop – but others choose outright piracy, the digital version of which costs the US economy at least $29 billion in lost revenue each year, according to the Motion Picture Association.