•Attack represents 39% rise in 2018 vulnerabilities
•Attacker disguised as ‘Billie Eilish’ during Grammy award
By Juliet Umeh
Cyber Security: Beware! Your favourite music icon, movie star, football legend, classic songs, could lead you to danger.
Yes, that is because a new attack model is in town. As legitmate and innovative ICT professionals are busy thinking how to enhance life with the aid of technology, cyber attackers, pimps and rats are designing ways to add sorrow to living while lining up their pockets with your hard earned cash.
Their latest trick is to hide under your favourite celebrities, songs and movies and a slight click to download anything concerning them, exposes you to cyber attack.
Already, 9,000 Nigerians fell victim to this unsuspecting trick between last year and now. The victims were mainly lovers of entertainment and avid followers of the popular American organised music Awards, ‘The Grammy.’
The victims were made to believe that popular nominees of the award, including Ariana Grande, Taylor Swift and Post Malone , sent them a link, songs or other interesting information. At the click of such links, they immediately experienced malware attack.
Protection Solution Provider, Kaspersky, revealed that the malware used the name of Grammy Award winner Ariana Grande and several other top stars to trick Nigerians into downloading songs and behind those famous songs were embedded malicious files.
Kaspersky said it found 30,982 malicious files that used the names of artistes or their tracks in order to spread malware, using the names of artistes and songs nominated for Grammy 2020 award.
It detected a 39 percent rise in attacks through attempts to download or run malicious files under the guise of nominees’ work in 2019, compared to 2018.
Ariana Grande, Taylor Swift, and Post Malone were attackers’ favourites, with these nominees’ names used most often in 2019 as a disguise for malware.
The company said: “Music has universal appeal; it is not just entertainment, but a form of therapy and education, as well as providing an atmosphere and message platform. Its popularity and widespread availability is the reason why, even in the age of streaming services, music is not free from malicious activity. Criminals use popular artistes’ names to spread malware hidden in music tracks or video clips.
“In light of the biggest music awards of the year, to show the extent of the problem, Kaspersky researchers analysed Grammy 2020 nominated artistes’ names and song titles for malware. As a result, Kaspersky found 30,982 malicious files that used the names of artistes or their tracks in order to spread malware, with 41,096 Kaspersky product users having encountered them.
Analysis of the nominated artistes showed that the names of Ariana Grande, Taylor Swift and Post Malone were used most to disguise malicious files, with over half, 55 percent of detected malicious files named after them.
Cybercriminals understand what is popular and always strive to capitalise on them. The connection between the rise in popularity and malicious activity is very evident in the case of newer artistes such as Billie Eilish. The teenage singer became hugely popular in 2019, and the number of users who downloaded malicious files with her name has risen almost tenfold compared to 2018 – from 254 to 2171, the number of unique distributed malicious files – from 221 to 1,556.
For instance, while the number of users attacked by Malware disguised as Billie Eilish songs in Nigeria accounted for only 381 in 2018, it increased to 9,722, in 2019. Overall, Nigeria saw 55 of such malicious files distributed in the region in 2019, with 94,630 attacks.
Kaspersky also analysed which records and songs, nominated for Grammy in 2019, received most attention from cybercriminals. Post Malone’s ‘Sunflower’, Khalid’s ‘Talk’ and Lil Nas X’s ‘Old Town Road’, led the way for songs with the most malware attacks.
Kaspersky security analyst, Mr. Anton Ivanov, said: “Cyber criminals understand what is popular and always strive to capitalise on that. Music, alongside TV shows, is one of the most popular types of entertainment and, as a result, an attractive means to spread malware, which criminals readily use.
“However, as we see more and more users subscribe to streaming platforms, which do not require file download in order to listen to music, we expect that malicious activity related to this type of content will decrease.”
Tips to avoid being victim
To avoid falling victim to malicious programmes embedded into popular music files, users are advised to:
*Either use reputable services like Apple Music, Spotify Premium, and Amazon Music, while trying to listen or download famous artistes’ songs, or find recognized free music sites that allows download of songs through legal processes.
*Avoid suspicious links, promising exclusive music content, crosscheck musicians’ official social.
; media accounts or read reputable music blogs, to make sure that such contents exist.
*Look at the downloaded file extension and even while trying to download an audio or video file from a source considered trusted and legitimate, the file should have an mp3, .avi, .mkv or .mp4 extension among other music and video formats.
Links ending with .exe or .lnk, should be definitely avoided.
*Use a reliable security solution, such as Kaspersky Security Cloud, for comprehensive protection from a wide range of threats.