Malware and Grammys: Cybercriminals are actively abusing the names of artists and songs nominated for the Grammy Awards 2020 to spread malware. Kaspersky's protection technologies have detected a 39% increase in Grammy attacks compared to 2018 (attacks that try to "download" or "run" infected files and pretend to be the work of Grammy nominees).
Η Ariana Grande, Taylor Swift and Post Malone were the attackers' favorites, as they used their names as disguises in most of their respective malware distribution cases.
Music is universally accepted… It is not only entertainment, but also a way of healing and education, as well as through it a separate channel of communication is created between artist and audience. Its popularity and widespread availability is why, even in the age of streaming services, music is not free of malicious activity: criminals use the names of popular artists to spread malicious software hidden in music tracks or music videos. .
In light of the biggest music awards of the year, the researchers of Kaspersky analyzed this year's 2020 Grammy artist and song nominations by detecting malware exploiting their names [1]. As a result, Kaspersky detected 30.982 malware using the artists' names or their tracks to spread malware, with 41.096 users of Kaspersky products exposed.
| Artists | Song title |
| Ariana Grande | 7 Rings |
| Billie Eilish | Bad Guy |
| Good Iver | Hey ma |
| HER | Hard place |
| Khalid | Talk |
| Lady Gaga | Always Remember Us This Way |
| Lana Del Rey | Norman F * cking Rockwell |
| Lewis Capaldi | Someone you loved |
| LIL NAS | Old town road |
| Lizzo | Truth Hurts |
| Post Malone | Sunflower |
| Swae Lee | |
| Tanya Tucker | Bring my flowers now |
| Taylor Swift | Lover |
Artists and Singles candidates for Grammy analyzed for malware
The analysis of the candidate artists showed that the names of Ariana Grande, Taylor Swift and Post Malone were used more to disguise malicious files, with more than half (55%) of the detected malicious files containing their name.
Unique malware that uses selected candidate names for Grammy identified by its products Kaspersky.
The number of attempts to "download" or execute files containing the names of these pop stars has also increased significantly for almost all of the artists surveyed.
Attacks on product users Kaspersky using files with selected candidate names for Grammy
Η connection between growth in popularity and malicious activity is quite evident in the case of younger artists such as Billie Eilish. The teenage singer became extremely popular in 2019, and the number of users who “downloaded” malicious files with her name almost increased tenfold compared to 2018 from 254 to 2.171. However, while being nominated for a prestigious award and the recognition associated with it influences user interest in certain artists and therefore the development of malicious activity, this is not necessarily the case for more established artists such as Lady Gaga, whose name was used for even more attacks than last year.
Malicious activity related to Billie Eilish
Kaspersky also analyzed which recordings and songs were nominated for a Grammy in 2019 and attracted the attention of cybercriminals. The Sunflower of Post Malone, the "Talk" of Khalid and the Old Town Road of Lil Nas X's were used for more attacks than any other song.
"Cybercriminals understand what is popular and always try to take advantage of it. Music, along with TV shows, is one of the most popular forms of entertainment and, therefore, an attractive means of dissemination. malware, which criminals easily exploit. However, as we see more and more users subscribing to music streaming platforms, which do not require downloading files for music playback, we are optimistic that the malicious activity associated with this type of content will decrease. commented Anton Ivanov, security analyst at Kapsersky.
To avoid falling prey to malicious programs that pretend to be popular music files, the Kaspersky recommends following these steps:
- If you want to listen to or "download" songs from well-known artists, use trusted services such as Apple Music, Spotify Premium and Amazon Music. Or try to find one free and reliable music site that allows you to download songs legally.
- Try to avoid suspicious links, which promise exclusive music content. Check out official music social media accounts or read reputable music blogs like Pitchfork to make sure there is such content.
- Check its extension archiveu that you have "downloaded". Even if you are going to "download" an audio or video file from a source you believe to be reliable and legitimate, the file should have an mp3, .avi, .mkv or .mp4 extension among other music and video formats, definitely not .exe or .lnk.
Use a reliable security solution for complete protection.
