22 Jump Street, Transformers Are Top Movie Lures for Summer

Summertime has become synonymous with blockbuster movies. Unfortunately, these movies have become a go-to social engineering lure used by cybercriminals.

Just like in previous years, Trend Micro engineers searched for possible threats related to movies released during the summer. This year, 22 Jump Street was the top movie used for social engineering. Transformers: Age of Extinction and Maleficent ranked second and third, respectively. Where are these supposed streaming sites advertised? Tumblr ranks first, followed by WordPress and Blogspot.

Figure 1. Commonly used summer movie titles

Figure 2. Sites used to advertise online streaming sites

The US ranks first among the countries that accessed the movie-related URLs, followed by Australia and India.

Figure 3. Countries which visited the streaming sites

Suspicious Streaming Sites

Users can encounter these streaming sites by searching for specific keywords on the sites mentioned above. For example, we tried looking for a streaming site for the movie How to Train Your Dragon 2 on social media and came across a page on Facebook.

Figure 4. Facebook page advertising the movie

The Facebook page features a post that contains a shortened link to the streaming site. Clicking the Play button on the page redirects the user to yet another page.

Figure 5. Redirected page

The user is encouraged to download a specific video player in order to watch the movie. However, the installer/downloaded file has been detected as adware, specifically ADW_BRANTALL.

Figure 6. “Video player” file being downloaded onto the computer

The Possible Adware-Malware Connection

We found that this particular variant of ADW_BRANTALL can download unnecessary files, applications, and browser extensions into the system.

Other ADW_BRANTALL variants are known to push malware, specifically MEVADE/SEFNIT malware, to computers. MEVADE malware is known for its click fraud and Bitcoin mining routines. A Trend Micro research paper, On the Actors Behind MEVADE/SEFNIT, speaks at length about this adware-malware connection. Note, however, that this particular sample is not related to the ADW_BRANTALL that downloads MEVADE/SEFNIT as discussed in the said paper.

While it might be tempting to watch the latest and upcoming movies for free, users should remember that so-called copies made available online are often fakes or scams. Worse, these could be malware in disguise. It’s best to ignore temptation and just watch movies at the cinema.

Users need not worry about such threats, since Trend Micro Titanium™ Security protects systems from malicious links by highlighting these URLs in social networking sites, instant messages, and email, thus preventing users from clicking them.

As of posting, Trend Micro has informed Facebook about this incident, and Facebook has already disabled the accounts involved in these scams.

With analysis from Sylvia Lascano and Maela Angeles

Post from: Trendlabs Security Intelligence Blog – by Trend Micro

Story added 29. July 2014, content source with full text you can find at link above.