Beware of the Game of Thrones related malware attack; lures users with videos of the show

If you get an email with the subject line "Wanna see Game of Thrones in advance?", exercise caution: according to the latest reports, it could be a malware attack.

After hackers stole 1.5 TB of data from HBO's servers, a malware attack related to it has been doing the rounds of cyberspace. The email tries to get unsuspecting users to install a remote access Trojan (RAT) that goes by the name of 9002.

Game of Thrones screengrab. YouTube.

Proofpoint, a California-based cybersecurity company, received one such email asking, “Wanna see the Game of Thrones in advance?” The email lures the user with the chance to see the show in advance and in return asks for money for every episode. It also has a Word document attached, which contains preview-like details of the upcoming episodes as well as malware hidden in it.

Once downloaded, the document prompts the user to install the 9002 remote access Trojan (RAT), a tool often used by state-sponsored actors, according to Proofpoint. Downloading it releases the malware onto the user’s computer.

Game of Thrones Season 7, which was released in July this year, faced a series of leaks. Considering the level of interest in the series, it is not surprising that malware makers might be using it as bait to lure in their victims.

The malware housing email promising Game of Thrones episodes. Image: Proofpoint

While the Game of Thrones season 7 finale is scheduled to air today, the HBO hackers have reportedly sent its detailed plot outline to publications like Mashable and The Independent and to a Reddit user, in addition to releasing it on the "deep web".

Russian cybersecurity firm Kaspersky Lab had termed the leaks a new phenomenon in cybercrime. The fact that multiple hackers are breaching the channel's security and leaking consequential information is leading to new hacks every day.

The original hackers, who call themselves the 'Mr. Smith group', had released 1.5 TB of information, including scripts and other crucial information about the employees.


Published Date: Aug 28, 2017 08:53 am | Updated Date: Aug 28, 2017 08:53 am