Scam sites offering fake streams of new James Bond movie

Researchers warn of malicious files designed to look like No Time to Die.

Bree Fowler Senior Writer
Bree Fowler writes about cybersecurity and digital privacy. Before joining CNET she reported for The Associated Press and Consumer Reports. A Michigan native, she's a long-suffering Detroit sports fan, world traveler, wannabe runner and champion baker of over-the-top birthday cakes and all-things sourdough.
Expertise cybersecurity, digital privacy, IoT, consumer tech, smartphones, wearables
Bree Fowler
2 min read
Daniel Craig and Ana de Armas in No Time to Die.

James Bond (Daniel Craig) and Paloma (Ana de Armas) in No Time to Die.

Nicola Dove/MGM

Cybersecurity researchers are warning of fake streams of the new James Bond movie that are designed to infect devices and steal people's personal information.

In the leadup to the release of No Time to Die, researchers for Russian cybersecurity firm Kaspersky discovered and analyzed several malicious files disguised as the movie. While it appears that few people have tried to download the files so far, researchers say the malware includes particularly dangerous Trojans designed to both gather login credentials and create backdoors into users' computers. The researchers also found adware and ransomware masquerading as the film.  

In addition, the researchers found a number of phishing websites offering streams of the Bond movie. After watching the first few minutes of the film, people were asked to register to continue watching and asked to enter their credit card information. But after registration is complete, Kaspersky says the viewer can't continue watching. Charges are made to their card, and the cybercriminals get the card information to potentially use for more fraud down the road.

Tatyana Shcherbakova, a security expert at Kaspersky, says that movies have long been an attractive lure for cybercriminals looking to spread malware and draw traffic to phishing sites. The shift of many movie premieres to legitimate streaming sites has only boosted that. 

And cybercriminals are eager to capitalize on long-awaited premieres of movies like No Time to Die, she says.

"The audience is in a hurry to see the movie, causing them to forget about internet security," Shcherbakova says in a statement. "Users should be alert to the pages they visit, not download files from unverified sites and be careful with who they share personal information."

Kaspersky also recommends that consumers pay attention to the extensions of files they are downloading. For example, a video file will never have a .exe or .msi extension. And, of course, it recommends using security software, such as its own Kaspersky Security Cloud, which identifies malicious attachments and blocks phishing sites.