If you’re a fan of Netflix’s Squid Game, be careful around products claiming to be a tie-in with the hit TV show. You may actually be exposing your computer to malware.
According to antivirus provider Kaspersky, hackers have been exploiting the Squid Game fandom by seeding the internet with malicious files and phishing scams that pretend to be part of the Korean TV series.
“From September to October 2021, the researchers found several dozen different malicious files on the web with names mentioning Squid Game,” Kaspersky says. “The uncovered threats posing as Squid Game-related content include Trojans, adware, fake streams, and even phishy offers of Halloween costumes.”
The tactic is no surprise; hackers routinely take advantage of the latest fad—whether it be a Hollywood blockbuster, music album, or a PC game—all to trick unsuspecting victims into downloading malware.
In this case, Kaspersky has been mostly finding Trojan programs that once installed can download additional malware onto the victim’s computer.
“One of the cybercriminals’ schemes worked as follows: the victim was allegedly shown an animated version of the first game from the series, while simultaneously, a Trojan was invisibly launched that could steal data from users’ various browsers and send it back to the attackers’ server,” Kaspersky says. “A shortcut was also created in one of the folders, which could be used to launch the Trojan every time the system was started.”
The antivirus provider also noticed one Trojan targeting smartphones by masquerading as an app to watch a Squid Game episode. “This Trojan is distributed in unofficial app stores and various portals under the guise of other popular applications, games, and books,” it says.
The other ruse involves Halloween. The hackers have been setting up fake Squid Game Halloween merchandise stores on the web capable of stealing your money and leaving you with nothing if a purchase is made. “Moreover, targets end up sharing with cybercriminals their banking and personal identity information since they are asked to provide card details and personal data, including an email address, residence address, and full name,” Kaspersky says.
Recommended by Our Editors
The company added: “We have seen users attempting to download malicious files disguised as the show in most regions of the world, including France, Germany, the UK, the US, Canada, Egypt and Kenya.”
To protect yourself, it’s best to avoid downloading suspicious files to your devices; if you do, use an antivirus product to scan the file before installing. “Check the authenticity of websites before entering personal data and only use official web pages to watch or download movies,” Kaspersky adds. “Pay attention to the extensions of files you are downloading —a video file will never have an .exe or .msi extension.”
For official Squid Game merch, you can go to the Netflix Shop.
Like What You’re Reading?
Sign up for Security Watch newsletter for our top privacy and security stories delivered right to your inbox.