Scammers Use Netflix's Squid Game To Spread Malware, Other Cyberthreats

If you haven't heard, "Squid Game" is Netflix's biggest TV series, attracting more than 111 million viewers. The popularity of this title has led scammers to use the "Squid Game" name to carry out fraud schemes online. Experts from cybersecurity company Kaspersky discussed various "Squid Game"-related cyberthreats such as phishing scams, malware and more.

Credit: Kaspersky

With Halloween recently concluding, several fans of the Korean survival drama have dressed up as characters from the show. There have been a number of fake online stores offering users an opportunity to buy "Squid Game" costumes, with some outlets claiming that they are official stores. But when users shop on these platforms, they end up losing their money and sharing banking and personal information with cybercriminals. The shoppers who fell into such phishing scams usually end up sharing with cybercriminals their credit card details, physical address, email address and full name.


Another cyberattack that people should be aware of is malware that is attached to copies of "Squid Game" that users obtained illegally online. From September to October 2021, several dozen different malicious files were found online that had the words "Squid Game" in their names. There are Trojan downloaders in these files that can install other malicious programs to the downloader's computer. Other Trojans and adware were also discovered in the said files.


Typically, this is how one of the schemes works: The victim would reportedly be shown an animated version of the first game from the show and at the same time, a Trojan would be secretly launched to steal data from users' many browsers and send it to the attackers' server. A shortcut was also created in one of the folders and this can be used to launch the Trojan every time the system was started.


Mobile malware is also a threat. There are some cases where mobile users unwittingly downloaded Trojans when they hoped to download an episode of "Squid Game". When the Trojan application is launched, the cyber attacker can carry out different tasks on the device like opening new tabs in the browser or sending an SMS. These Trojans are also spread on unofficial app stores and other portals, posing as popular apps, games and books.

Credit: Kaspersky

There is also an unofficial online version of "Squid Game", which offers users a chance to win the main prize of 100 Binance coins. The reward never gets distributed and players end up losing their personal data or downloading malware as a result of the scam.


To avoid falling victim to cyberattacks, experts from Kaspersky recommend that you check the authenticity of websites before you watch or download media and share personal data. This means double-checking URL formats and the spelling of company names. You should also look at the extensions of files you are downloading and steer clear of video files with .exe or .msi extensions. Another way to protect yourself from scams is to have a reliable security solution that alerts you of malicious attachments and blocks phishing sites. It is also recommended to avoid sites that promise early viewings of content.

Credit: Netflix

In related news, a "Squid Game"-based digital cryptocurrency dipped to US$0 after its creators cashed out, stealing an estimated US$2.1 million (approximately S$2,828,374.50) from investors. CoinMarketCap revealed that the cryptocurrency called SQUID experienced a surge of as high as US$2,861 (approximately S$3853) in value before falling to US$0. Gizmodo said that the scam is called a "rug pull", where the cryptocurrency's creators cash out of their coins in exchange for real money, resulting in the cryptocurrency being devalued.

Written by Sophia Lopez

LG side