Malware at the Grammys: Cybercriminals are actively misusing the names of artists and songs nominated for the 2020 Grammy Awards to spread malware software. Kaspersky's protection technologies detected a 39% increase in Grammy attacks compared to 2018 (attacks that try to "download" or "run" infected files and pretend to be the work of Grammy nominees).
Ariana Grande, the Taylor Swift and Post Malone were the attackers' favorites, as they used their names as a disguise in most of their respective malware distribution cases.
Music is universally accepted… It is not only entertainment, but also a way of healing and education, as well as through it a separate channel of communication is created between artist and audience. Its popularity and widespread availability is why, even in the age of streaming services, music is not free of malicious activity: criminals use the names of popular artists to spread malicious software hidden in music tracks or music videos. .
In light of the year's biggest music awards, Kaspersky researchers analyzed this year's Grammy 2020 artist and song nominations by detecting malware exploiting their names [1]. As a result, Kaspersky detected 30.982 malware using the artists' names or their tracks to spread malware, with 41.096 users of productof Kaspersky have encountered.
Artists | Song title |
Ariana Grande | 7 Rings |
Billie Eilish | Bad Guy |
Good Iver | Hey ma |
HER | Hard place |
Khalid | Talk |
Lady Gaga | Always Remember Us This Way |
Lana Del Rey | Norman F * cking Rockwell |
Lewis Capaldi | Someone you loved |
LIL NAS | Old town road |
Lizzo | Truth Hurts |
Post Malone | Sunflower |
Swae Lee | |
Tanya Tucker | Bring my flowers now |
Taylor Swift | Lover |
Artists and Singles candidates for Grammy analyzed for malware
The analysis of the candidate artists showed that the names of Ariana Grande, Taylor Swift and Post Malone were used more to disguise malicious files, with more than half (55%) of the detected malicious files containing their name.
Unique malware that uses selected candidate names for Grammy identified by its products Kaspersky.
The number of attempts to "download" or execute files containing the names of these pop stars has also increased significantly for almost all of the artists surveyed.
Attacks on product users Kaspersky using files with selected candidate names for Grammy
The connection between the rise in popularity and malicious activity is quite evident in the case of younger artists such as Billie Eilish. The teenage singer became extremely popular in 2019, and the number of users who “downloaded” malicious files with her name almost increased tenfold compared to 2018 from 254 to 2.171. However, while being nominated for a prestigious award and the recognition associated with it influences user interest in certain artists and therefore the development of malicious activity, this is not necessarily the case for more established artists such as Lady Gaga, whose name was used in even more attacks compared to the previous year.
Malicious activity related to Billie Eilish
Kaspersky also analyzed which recordings and songs were nominated for a Grammy in 2019 and attracted the attention of cybercriminals. The Sunflower of Post Malone, the "Talk" of Khalid and the Old Town Road of Lil Nas X's were used for more attacks than any other song.
"Cybercriminals understand what is popular and always try to take advantage of it. Music, along with TV shows, is one of the most popular forms of entertainment and, therefore, an attractive means of dissemination. malware, which criminals easily exploit. However, as we see more and more users subscribing to music streaming platforms, which do not require downloading files for music playback, we are optimistic that the malicious activity associated with this type of content will decrease. commented Anton Ivanov, security analyst at Kapsersky.
To avoid falling prey to malicious programs that pretend to be popular music files, the Kaspersky recommends following these steps:
- If you want to listen to or download songs by famous artists, use reliable services such as Apple Music, Spotify Premium and Amazon Music. Or try finding a free and trusted music site that lets you download songs legally.
- Try to avoid suspicious links, which promise exclusive music content. Check out official music social media accounts or read reputable music blogs like Pitchfork to make sure there is such content.
- Check the file extension you have downloaded. Even if you are going to "download" an audio or video file from a source that you consider reliable and legitimate, the file should have mp3, .avi, .mkv or .mp4 extension among other music and video formats, definitely not .exe or .lnk.
Use a reliable security solution for complete protection.