Fake Games of Thrones leaks used by hackers to trick fans into downloading malicious files

With the final episode of the latest season of Game of Thrones airing this week, excitement about the fantasy TV series is at an all time high.

Add to that the fact that several episodes were leaked online before the official release date, and you have the perfect conditions for a successful cyber attack.

Last week, several people reportedly received an email with the subject line “Wanna see the Game of Thrones in advance?”. The email contained a file attachment, claiming to include salacious spoilers and video clips from the season finale.

However, opening the attachment resulted in a piece of malware known as a remote access trojan (RAT) being installed on the recipient’s computer, allowing hackers to start syphoning off sensitive information.

The attachment was disguised as a Microsoft Word document, but actually contained an embedded .LNK file, which was responsible for installing the RAT.

According to cyber security firm Proofpoint, which identified the attack, it bears all the hallmarks of Chinese state-sponsored hacker Deputy Dog.

“The use of a Game of Thrones lure during the penultimate season of the series follows a common threat actor technique of developing lures that are timely and relevant,” said security researchers Darien Huss and Matthew Mesa in a blog post .

The attack also plays on “the human factor – the natural curiosity and desire to click that leads to so many malware infections,” they said.

Proofpoint added that the attack would have been particularly dangerous if the recipient had opened the email at work, as it could potentially have allowed hackers to steal confidential corporate information.

The company advised email users to think carefully before opening attachments from unknown senders – particularly if they are promising something that is too good to be true.

“It is worth noting that episodes 4 and 6 were already leaked; it is unlikely that responding to the lure would actually net a recipient new, unreleased episodes,” they said.


Leave a Reply