Cyber crooks use lure of Squid Games to distribute malware

Cyber-crooks have been using the lure of popular Netflix TV series Squid Games to lure victims into infecting their devices with malware via email attachments.

SCAM
Type of Scam: Malicious email attachment attack
Attack Type: Microsoft Office “macro” malware
Social Engineering Technique: Access to exclusive content or opportunities

Researchers at security company Proofpoint have discovered a malicious email campaign designed to lure email recipients into opening harmful email attachments by claiming recipients can watch exclusive footage of season 2 of Squid Games, or even audition to be in the new season.

The emails come with subject lines such as..

• Get early access Squid Game season 2
• Squid game upcoming season commercials talent casting
• Squid Game is back, watch new season before anyone else.
• Invite for Customer to access the new season.
• Squid game new season commercials casting preview

An example of such an email provided by Proofpoint is below.

According to Proofpoint, the criminals behind the email campaign are part of the TA575 network of malware crooks, and opening the harmful email attachments will result in the Dridex malware infecting a device.

In all instances, the recipient is urged to open the attached Excel file, which uses Macros to infect a device. Macros can be coded by third parties, including cybercrooks and are thus capable of infecting a device with malware. Microsoft Office programs like Excel will consequently disable Macros by default until a user enables them, meaning such attacks rely on a user enabling Macros after opening an infected Excel document.

Sponsored Content. Continued below...

If a user believes the email is genuine and opens the attached Excel file, and enables Macros, they will infect their computer with malware.

More on how Macro malware scams work can be found here.

Emails that claim a recipient can get early access or some type of exclusive opportunity is a common social engineering technique used by crooks to entice potential victims into clicking links or opening email attachments that can ultimately lead to a malware infection.

• Don’t open any email attachment from an email you were not expecting or appears suspicious, even if you appear to know the sender.
• Be especially cautious of unexpected emails claiming to offer exclusive footage, video or opportunities.
• If an email attachment contains an Office document (Word, Excel etc.) and that file asks you to “enable content” (i.e. enable Macros) then this is a sign that Office document may harbour malware.
• Always have reliable security software installed on all your devices. Our recommendations are here.