Fake videos or pictures of naked international celebrities are often used as lures in schemes to propagate malware.
The latest of these videos purportedly features popular English actress Emma Watson and users from various websites are redirected to a very expertly made fake YouTube pages where the video is supposedly hosted, complete with comments, “Like” and “Share” buttons and related videos on its right.
But unfortunately for all those who fell for the lure, a click on the Play button or any other link does not start the (nonexistent) video. Instead, the target is asked to update its Adobe Flash Player in order to be able to view it:
“The warning is very well designed,” warns Zscaler. “It feels like a desktop software with an animated download function, despite being part of the web page.”
And the offered file (scandsk.exe) – actually a Trojan dropper – is currently detected by only 17 percent of the AV solutions employed by VirusTotal.