With the Barbie movie breaking box office records across the world, the spotlight on the iconic doll has also drawn the attention of cybercriminals trying to capitalise on the hoopla for their illicit activities.
According to recent McAfee research, the three weeks leading up to the film's record-breaking launch saw the introduction of over 100 instances of malware, all with Barbie-related filenames. These dangerous programmes were systematically placed to penetrate the computers and devices of unsuspecting victims.
The assaults were global in scope, but more than a third of them explicitly targeted individuals in the United States, according to McAfee blog posts. The majority of the scams involved the development of bogus Barbie websites, online offers, and emails with links to download or buy products related to the popular doll and movie.
According to McAfee's Chief Technology Officer, Steve Grobman, this tactic is just one variation of a long-standing cybercriminal scheme: preying on specialized audiences perceived to be emotionally or vulnerable, such as fans of sports teams, musicians, cultural phenomena, or those willing to help victims of natural disasters.
"Cybercriminals are always looking for ways to make phishing and other scams more appealing and credible," Grobman added. "They frequently use well-publicized events to trick users into clicking on malicious links." Barbie is an appealing target, and we are seeing an increase in thieves using malware to steal data from consumers."
In addition to the traditional scams, McAfee researchers discovered other malicious ploys, such as enticing people with offers for free Barbie movie tickets or downloads, which in reality installed the Redline Stealer virus. Personal data, login passwords, and other essential information can be extracted from devices, online browsers, cryptocurrency wallets, and popular programs such as VPNs using this off-the-shelf technology.
This approach of targeting popular films isn't new, according to Paul Rosenzweig, a former Homeland Security cybersecurity official. Similar tactics were witnessed with other renowned films, such as the Avengers series, where cyber criminals attempted to capitalize on the film's hype. Rosenzweig emphasized that when individuals get emotionally immersed in something, whether it's a Barbie movie or a philanthropic endeavor like disaster relief, they become more gullible and less sceptical.
McAfee analysts have previously noticed scam sites associated with events such as the Super Bowl, cryptocurrency scams associated with popular shows such as Squid Games, and merchandising and streaming frauds associated with FIFA's Men's and Women's World Cups.
According to a July 20 post on McAfee's website by Jasdev Dhaliwal, one of the prevalent new scams involves false videos touting fraudulent ticket deals, which are used to install spyware on victims' devices and steal their personal information. McAfee's investigation also uncovered instances of malware activities in India aiming to lure people into downloading the Barbie video in many languages.
To combat these cybercriminal activities, McAfee is actively raising awareness of these new scams to educate the public, both locally and internationally. Special attention is given to how generative AI, or advanced artificial intelligence, is facilitating and accelerating the frequency of cybercriminal actions of this nature. Vigilance and caution are crucial in protecting oneself from falling victim to such scams.
