Cybercriminals are actively abusing the names of artists and songs nominated for the 2020 Grammy awards in order to spread malware, global cybersecurity company Kaspersky warned on Thursday.
While Kaspersky detected 205 instances of users in South Africa being attacked by malware disguised as Billie Eilish songs in 2018, over the last year this jumped to 15 354. The US musician swept the 62nd awards.
"Music is not free from malicious activity. Criminals use popular artists' names to spread malware hidden in music tracks or video clips," Kaspersky said in a statement.
"The connection between the rise in popularity and malicious activity is very evident in the case of newer artists such as Billie Eilish. The teenage singer became hugely popular in 2019, and the number of users who downloaded malicious files with her name has risen almost tenfold compared to 2018
Kaspersky's protection technologies detected a 39% rise in attempts to download or run malicious files under the guise of Grammy nominees' compared in 2019. Overall, South Africa saw 90 such malicious files distributed in this region in 2019, with 184 005 attacks.
Kaspersky researchers analysed Grammy 2020 nominated artists' names and song titles for malware. They found 30 982 malicious files that used the names of artists or their tracks in order to spread malware.
Analysis of the nominated artists showed that the names of Ariana Grande, Taylor Swift and Post Malone were used most to disguise malicious files, with 55% of detected malicious files named after them.
Kaspersky also analysed which records and songs, nominated for a Grammy in 2019, received most attention from cybercriminals. Post Malone’s ‘Sunflower’, Khalid’s ‘Talk’ and Lil Nas X’s ‘Old Town Road’, led the way for songs with the most malware attacks.
Ariana Grande, Taylor Swift and Post Malone were the favourite artists used by attackers, with these nominees' names used most often in 2019 as a disguise for malware.
Anton Ivanov, Kaspersky security analyst, gives the following tips:
- If you want to listen or download songs from famous artists, use reputable services like Apple Music, Spotify Premium, and Amazon Music. Or try to find a recognised free music site that allows you to download songs legally;
- Try to avoid suspicious links, promising exclusive music content. Check musicians' official social media accounts or read reputable music blogs like Pitchfork, to make sure that such content exists;
- Look at the downloaded file extension. Even if you are going to download an audio or video file from a source you consider trusted and legitimate, the file should have an mp3, .avi, .mkv or .mp4 extension among other music and video formats, definitely not .exe or .lnk;
- Use a reliable security solution for comprehensive protection from a wide range of threats.
* Compiled by Carin Smith