Attackers are Hiding Malware Behind Barbie-Themed Scams – Source: securityboulevard.com

The massive box office brought in by the “Barbie” movie during its opening weekend—$162 million—surprised even some Hollywood industry watchers despite the commercial hype in the weeks leading up to its release.

What isn’t surprising are the online fraudsters who have latched onto the surefire summer blockbuster, with threat researchers from McAfee tracking a range of social-engineering scams, from fake movie downloads designed to deliver malware to bogus videos promising free tickets but aimed at stealing victims’ personal information.

It’s a timeworn pattern, with bad actors glomming onto high-profile events like major movie premieres or high-profile athletic events to take advantage in hopes of stealing information or money from people excited–and distracted–by the hype swirling around them.

In this case, that event was the premiere of the light-hearted Barbie, as well as its cohort in the “Barbenheimer” craze, the darker “Oppenheimer,” which debuted the same weekend, pulling in $82.4 million.

“Even while the Barbie and Oppenheimer films churn up hot, new hype, the online scams linked to them are old hat,” Jasdev Dhaliwal, director of marketing and security evangelist at McAfee, wrote in a blog post. “Historically, big media events of any kind usher in a glut of online scams. We can point to scam sites linked to the Super Bowl in the U.S., cryptocurrency scams that capitalize on hit shows like Squid Games, and the merchandise and streaming scams that pop up during FIFA’s Men’s and Women’s World Cup.”

Scams A-Plenty

According to McAfee, in the three weeks leading up to the movie’s release, researchers saw 100 new instances of malware with Barbie-related filenames. The hope is that people will click on the filenames because the movie’s title is trending.

“The types of files varied but included typical types such as .html and .exe.,” Dhaliwal wrote. “By and large, attackers focused on the U.S., yet other countries have found themselves targeted as well.”

In fact, the United States accounted for 37% of the malware received, followed by Australia at 6% and Spain, the UK, India and Brazil, all at 5%.

Bogus Barbie-themed videos also are popping up online, enticing anxious moviegoers by promising free tickets. However, if the users click on them, they will be directed to a Discord server or a website and prompted to download a large .exe file, which is carrying malware.

Enter RedLine Stealer

That includes RedLine Stealer, malware that has been around since 2020 and is designed to grab as much information as possible. According to cybersecurity firm SecurityScorecard, the malware steals information from browsers, cryptocurrency wallets, and a variety of applications, including Discord, Steam, Telegram, and VPN clients. It also pulls data about the infected system, including the processes and antivirus products running on it, installed programs, the processor, and Windows product names.

In April, cybersecurity firm Veriti reported that bad actors were spreading Redline Stealer on the wave of another cultural trend, that being generative AI chatbots ChatGPT and Google Bard. In that case, they were hijacking Facebook pages and posting what seemed to be legitimate ads for free downloads of the chatbots.

Along with the malicious files and videos, McAfee also detected multiple campaigns trying to trick victims into downloading the Barbie movie in different languages. Clicking on a link prompts the victim to download a .zip file loaded with malware.

And don’t think Barbie is alone in this. Kaspersky researchers reportedly are seeing similar scams related to Oppenheimer.

Go With What You Know

A common theme they all have is relying on consumers to click on something that isn’t coming from a trusted source, according to Dhaliwal. He said consumers should stick with known retailers and streamers and buy tickets from the theater itself or a reputable ticking app.

Also, they should critically look at offers, videos, and giveaways that come into them, watch out for sites that seem sketchy, and ensure they have online protection.

“If you find an offer to stream something that’s heavily discounted, free, or not available on known media outlets, it’s likely a scam. At the very least, it might be pirated content, which could carry malware threats along with it.