Recently, the South Korean TV drama “Squid Game”, built around the theme of a survival game, set a viewership record of more than 111 million households within a month of its release and became Netflix’s top-performing title. With the popularity of “Squid Game”, people are eager to download everything related to the show, which gives cybercriminals the opportunity to use various means to carry out cybercrime.
“Squid Game” is popular with fans around the world
According to a report by Yonhap News Agency on October 13, the South Korean TV series “Squid Game”, produced by Netflix in the United States, had been online for only 26 days when its worldwide audience exceeded 111 million households. Netflix said on the 13th that since its launch on September 17, this 9-episode Korean drama has swept the hit charts in 83 countries and regions, and has become the best-performing work in Netflix’s history with 111 million on-demand views. Netflix’s Chief Executive Officer (CEO) and Chief Content Officer (CCO) Ted Sarandos bluntly praised “Squid Game” as “probably going to be Netflix’s most popular title ever.” This shows the popularity of “Squid Game” around the world.
“Squid Game” tells the story of hundreds of people who are in trouble in real life and risk their lives to participate in 6 survival games in order to win a huge prize of 45.6 billion won (about 250 million yuan). In the theme of death games, the play incorporates the social atmosphere of fetishism and extreme competition, as well as the traditional Korean game culture such as “one, two, three wooden men”, so it is sought after by the vast audience.
Not only are the retro sportswear and game props of the players in the show selling well, but the show has also set off a wave of imitations of its games all over the world. Many fans recreate the games and scenes from the show in videos and post them on social networking sites to attract attention and earn traffic. The famous Spanish club Atlético de Madrid published on its official website on September 28 a video of players imitating “Squid Game” in training, called “Madrid Club Edition Squid Game”. In this video of the players’ training session, phrases such as “the hibiscus flower is blooming” and “squid game” can be heard in Korean, which shows the popularity of the show in Europe. A spoof video shot in Singapore that imitated the paper-slapping game and the slap in the face from “Squid Game” has also gained popularity on social networking sites.
With the popularity of “Squid Game” and the enthusiasm of its fans, a number of cybersecurity incidents related to “Squid Game” have also appeared, and these deserve closer attention. Kaspersky’s security experts have alerted people to cybersecurity threats related to “Squid Game”, including Trojans, adware, phishing emails, and online scams masquerading as Halloween costume sites.
Case 1: Malware was installed unknowingly when downloading “Squid Game”
Since the launch of “Squid Game”, dozens of malicious files named after “Squid Game” have been found on the Internet. Analysis of these files shows that most of them are Trojan downloaders that can install malicious programs; the rest are other types of Trojans and adware.
One of the cybercriminals’ tactics is to present the file as an animated version of the first game in “Squid Game”. While the victim is watching, the Trojan runs invisibly, stealing data from the user’s various browsers and transferring it to the attacker’s server. In addition, the malware creates a shortcut in a folder, so that the Trojan can run automatically whenever the program starts.
Mobile software that maliciously exploits “Squid Game” was also found. Users trying to download a “Squid Game” episode unknowingly downloaded a Trojan instead. When the application runs on the device, the Trojan receives instructions from the control server to perform specific actions, ranging from opening a tab in the browser to sending a short message service (SMS) message to a number received from the control server. The Trojan is disguised as a popular application, game or book and distributed in unauthorized application stores and various portals.
In addition, there are also several online game phishing websites imitating “Squid Game”. These phishing websites use high bonuses as bait to lure players to download and install. Needless to say, once a player is deceived, not only will they not get the promised rewards, but also criminals will steal personal information or implant malware.
Case 2: Malicious use of “Squid Game” clothing popularity to steal personal information
As Halloween approaches, the most popular characters of the year have been revealed: the costumes of the characters from “Squid Game” are a hit. Cybercriminals are not going to miss out on this opportunity, and fake clothing shopping sites related to “Squid Game” have already appeared online. Such shopping sites mostly pose as official shopping sites to lure people into buying the exact same outfits as the characters in the show. However, if you place an order on such a fake shopping site, you are likely to lose money and never receive the item. In addition, these fake shopping sites also require users to provide personal information such as credit card information, email address, residential address, and name. As a result, the victim’s banking and personally identifiable information also falls into the hands of cybercriminals.
In this regard, Kang Shara, CEO of Kaspersky Korea, emphasized: “It’s only a matter of time before ‘Squid Game’ becomes a new bait. Usually, cybercriminals are very aware of catching and maliciously exploiting new trends. With ‘Squid Game’ becoming a hot topic, there are a lot of phishing sites related to it. Of course, victims end up losing data and money, and even installing malicious software on their devices. So when looking to buy ‘Squid Game’ items, confirming the authenticity of the website is very important when it comes to the origin of the item in question.”
Case 3: The “Squid Game” app downloaded thousands of times on the Play Store is actually malware
The Korean drama “Squid Game” has become a hot topic around the world since it hit the streaming platform Netflix. Taking advantage of this craze, criminals have released various Android apps containing malware, some of which even evaded Google’s scrutiny and were successfully listed on the Play Store. Security researchers are warning Android phone users to avoid installing apps related to “Squid Game”.
Although Netflix has not launched an official “Squid Game” app, Lukas Stefanko, an Android malware researcher at antivirus company ESET, said on Twitter a few days ago that more than 200 “Squid Game”-related apps had appeared in the Google Play Store, including many containing malware that Google’s security measures couldn’t detect. Stefanko detected and analyzed a “Squid Game” mobile wallpaper app and found that a malware called “Joker” was built into it.
Previously, the Joker malware has appeared several times in the Play Store. It can surreptitiously “help” users sign up for expensive subscription services through an emulated sign-up process, as well as steal users’ personal information such as text messages, contact lists, and device data. In 2019, it was detected in 24 apps with over 472,000 downloads, and 64 new variants of it appeared in the Play Store in 2020.
Thankfully, Google has discovered the app and removed it from the Play Store. However, it has been downloaded at least 5000 times before that.
Case 4: Stealing account information by sending phishing emails to Netflix users
With the popularity of “Squid Game”, the number of Netflix subscribers in South Korea has also increased rapidly. Phishing emails targeting Netflix users in South Korea have recently appeared and require special attention. The Security Response Center (ESRC) of South Korean cybersecurity firm ESTSecurity said it recently discovered a phishing email with an attached HTML file, masquerading as coming from the American online video streaming service Netflix.
The html file prompts the user to update the content of the current payment information, and induces the user to click the “Update Payment” button. When the user clicks the button, they go to the phishing page.
The phishing page is very similar to the actual Netflix page and induces users to log in. If the user mistakenly believes that it is a real Netflix page and enters account information, the entered account information will be transmitted to the attacker’s server. Attackers will also induce users to additionally enter personal information other than payment information, such as registered mobile phone numbers, bank card numbers, and CVV numbers (security codes) and other sensitive information. If the user enters the actual payment information, the entered information will be transmitted to the attacker’s server, and there is a risk that the attacker can pay without the user’s authorization.
In this regard, the security response center of ESTSecurity company specially reminds that if there are suspicious emails and pages that require sensitive information such as account information or payment information, please delete them immediately, and you must develop the habit of confirming the URL.
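The URL check recommended above can be applied to an HTML attachment before anyone clicks it. The following is an added example, not code from ESTSecurity or from the original article: it lists every link and form target in an attachment whose host is not the brand's own domain. The sample HTML and its `.example` hosts are constructed, and `TRUSTED_DOMAIN` is an assumption to adjust per brand.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "netflix.com"  # assumption: the impersonated brand's real domain

# Constructed sample attachment; the .example hosts are placeholders.
SAMPLE = """<html><body>
<p>Your payment information needs to be updated.</p>
<a href="https://www.netflix.com/help">Help Center</a>
<a href="https://netflix.com.billing-update.example/login">Update Payment</a>
<form action="https://www.netflix.com@collect.example/card" method="post"></form>
</body></html>"""

class TargetCollector(HTMLParser):
    """Collects every URL that a click or a form submit can reach."""
    def __init__(self):
        super().__init__()
        self.targets = []  # list of (tag, url)

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "a" and attr.get("href"):
            self.targets.append((tag, attr["href"]))
        elif tag == "form" and attr.get("action"):
            self.targets.append((tag, attr["action"]))

def is_trusted(host):
    # Exact domain or a true subdomain; "netflix.com.evil.example" fails this.
    host = host.lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def triage_attachment(html_text):
    """Return (tag, host) for every absolute target outside the trusted domain."""
    parser = TargetCollector()
    parser.feed(html_text)
    findings = []
    for tag, url in parser.targets:
        # urlparse drops any "user@" prefix, so the real host is compared.
        host = urlparse(url).hostname
        if host and not is_trusted(host):
            findings.append((tag, host))
    return findings

if __name__ == "__main__":
    for tag, host in triage_attachment(SAMPLE):
        print(f"untrusted <{tag}> target: {host}")
```

The two flagged targets show why reading the start of a URL is not enough: one puts the brand name in a subdomain label, the other in the userinfo part before the `@`.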
Malicious email disguised as “Squid Game Season 2 Actor Selection Schedule” Source: Korea Security News
Case 5: A malicious email with the title of “Squid Game Season 2 Actor Selection Schedule” circulated on the Internet
As Netflix’s hit series “Squid Game” has grown in popularity, so have the spoofed malicious emails circulating online. ESTSecurity’s Security Response Center has issued a warning that a malicious email titled “Squid Game Season 2 Casting Schedule” was recently discovered and needs attention.
The email was circulated with the subject line “Squid Game Season 2 Cast Arrangement” and was accompanied by an Excel file titled “Cast Invitation”. When you open the Excel file, you will see an image called “Squid Game Cast”. The attacker makes the image appear blurry like a preview, tricking the user into clicking “use content” (Excel’s “Enable Content” button, which allows macros to run).
However, even if the user clicks “use content”, the image still looks blurry. When the user clicks on the image again to view its details, the message “office version error” appears, at which point the macro contained in the Excel file has been executed and the download of an RTF file begins.
The RTF file is saved to the ‘c:\ProgramData’ folder under the Excel file’s name and runs automatically. The executed RTF file tries to download other malicious files by accessing discordapp. However, the Security Response Center said that at the time of analysis, the file had been deleted, so the additional downloaded malicious code could not be analyzed.
In this regard, ESTSecurity’s Security Response Center emphasized: “With the popularity of ‘Squid Game’ worldwide, malicious emails and files disguised as ‘Squid Game’ are spreading in large numbers. Users should refuse to browse emails from unknown sources, and clicking on the ‘Use Content’ button in a document file should be prohibited unless necessary.”
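The chain described in Case 5 (Excel writes an RTF file named after the workbook into the ProgramData folder, followed by a lookup of a discordapp host) can be hunted for in endpoint telemetry. The following is an added example, not code from ESTSecurity or the original article: the event schema, the sample events, the user name and the 300-second window are all constructed assumptions.

```python
import ntpath

WINDOW_SECONDS = 300  # assumption: correlation window, tune to your telemetry

# Constructed sample events in a hypothetical, simplified EDR schema.
EVENTS = [
    {"t": 0, "kind": "process", "image": "excel.exe",
     "cmdline": r'excel.exe "C:\Users\kim\Downloads\Cast Invitation.xlsm"'},
    {"t": 40, "kind": "file_create", "image": "excel.exe",
     "path": r"C:\ProgramData\Cast Invitation.rtf"},
    {"t": 55, "kind": "dns", "image": "winword.exe", "query": "cdn.discordapp.com"},
    {"t": 900, "kind": "file_create", "image": "notepad.exe",
     "path": r"C:\ProgramData\notes.rtf"},
]

def stem(path):
    """Lower-cased file name without directory or extension."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()

def rtf_drops(events):
    """Yield RTF files written by Excel directly into C:\\ProgramData."""
    for e in events:
        if e["kind"] != "file_create" or e["image"].lower() != "excel.exe":
            continue
        folder, name = ntpath.split(e["path"])
        if folder.lower() == r"c:\programdata" and name.lower().endswith(".rtf"):
            yield e

def detect(events):
    # Workbooks opened by Excel, taken from the quoted path on the command line.
    workbooks = {stem(e["cmdline"].split('"')[1]) for e in events
                 if e["kind"] == "process" and e["image"].lower() == "excel.exe"
                 and e["cmdline"].count('"') >= 2}
    alerts = []
    for drop in rtf_drops(events):
        # DNS lookups for a discordapp host shortly after the drop.
        lookups = [e["query"] for e in events if e["kind"] == "dns"
                   and 0 <= e["t"] - drop["t"] <= WINDOW_SECONDS
                   and "discordapp" in e["query"].lower()]
        alerts.append({"path": drop["path"],
                       "name_matches_workbook": stem(drop["path"]) in workbooks,
                       "discord_lookups": lookups,
                       "severity": "high" if lookups else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```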