Don't fall for 'free' downloads of Oscar-nominated films, they're malware

Nothing's ever really free.

Shelby Brown Editor II

Shelby Brown (she/her/hers) is an editor for CNET's services team. She covers tips and tricks for apps, operating systems and devices, as well as mobile gaming and Apple Arcade news. Shelby also oversees Tech Tips coverage. Before joining CNET, she covered app news for Download.com and served as a freelancer for Louisville.com.

Credentials

She received the Renau Writing Scholarship in 2016 from the University of Louisville's communication department.

See full bio

Shelby Brown

Feb. 10, 2020 10:23 a.m. PT

2 min read

jokerbig — Joaquin Phoenix won the best actor Oscar on Sunday for his lead role in Joker.
Warner Bros. Pictures

If you want to catch up on all the Oscar nominees and winners for 2020, just make sure you do it legally. Experts at cybersecurity firm Kaspersky found hundreds of websites promising free downloads of this year's most lauded films, but the downloads were actually malware. There were also more than 20 phishing sites that duped users into entering credit card numbers and other sensitive information.

Joker was the film most commonly used to lure in victims: The researchers found 304 malicious files titled for the film. The World War I film 1917 had 215 malicious files, The Irishman had 179 files and Once Upon a Time... in Hollywood had 150. The Korean film Parasite -- which won the best picture Oscar, as well as others, on Sunday night -- had no malicious files associated with it, Kaspersky reported.

"Phishers appeal to the potential victims' interests," Dmitry Bestuzhev, head of the research center for Kaspersky Latin America, told CNET on Monday. "It can be fear, greediness or any other emotions which make people act in a way they would not usually act. It gets worse when a fake site looks pretty convincing due to its good design and professional appearance."

Bestuzhev said Kaspersky has found that the number of attempts to visit fraudulent pages has increased every year since 2016, and reached about half a billion attempts a year among its users. Bestuzhev said that online shopping is also a favorite of cybercriminals. The crooks, Bestuzhev said, create fake webpages that look like Amazon, eBay and other e-commerce sites. The sites drew thousands of clicks during the Black Friday season, according to Bestuzhev.

Kaspersky recommends examining download file extensions for legitimate sources, checking out the site's authenticity, finding out when the movie is going to be released in theaters or on streaming services, using reliable virus protection and not clicking on suspicious links.

Originally published Feb. 7.
Update, Feb. 10: Adds comment from Kaspersky.