Researchers at BitDefender have detected a new wave of spam attacks focused around the release of the latest Harry Potter movie.
The new wave of malware downloads a rogue trojan – Trojan.Downloader.PersonalAntivirus.A – and steals credit card information from computer users who attempt to watch the latest movie free online.
Users who click on the link to a “free broadcast” of the movie are redirected to an infected website. The browser window is then minimized, and a warning message notifies the user about several computer infections and the availability of a solution called ‘Personal Antivirus’ for e-threat removal purposes. By clicking either ‘OK’ or ‘Cancel’, the user triggers a fake movie that plays in the restored browser window. The movie mimics an ongoing scanning process that detects malware within the system. Upon completion, the user is advised to download and install ‘Personal Antivirus’ to “eliminate over 500 files altered by various types of malware”.
By clicking either ‘OK’ or ‘Cancel’, the user activates a fake Windows Security Alert, which is a simple screenshot that acts like a trigger for the rogue. Clicking anywhere within the borders of the window will initiate the malware download.
Once the installer component completes the download of Personal Antivirus, it also cleverly connects to a Microsoft Windows Update Thank You page to give the impression that the software is legitimate and comes from a trusted source. The Personal Antivirus rogue modifies the registry settings, asks the user to buy or renew a license, and downloads additional malware responsible for the fake alerts it displays. To remain undetected, it terminates the Windows Defender process.
“Internet users should be cautious of any sites promising free screenings of the latest Harry Potter movie, or any of the latest blockbuster releases for that matter,” said Vlad Valceanu, head of BitDefender’s anti-spam research. “The only way users can prevent and protect themselves from these attacks is to be vigilant of sneaky attacks such as these, and always use a trusted security solution for protection.”