Squid Game-Themed Phishing Campaign: TA575’s Comeback

by | November 8, 2021 | Cybersecurity News

Green light, red light – one wrong move, and you’re phished. Researchers spotted a new phishing operation taking advantage of the popularity of the Netflix Squid Game series to distribute Dridex malware.

The Squid Game Scam – Let The Phishing Begin

The spooky season brings yet another gory scam. So, keep an eye out for emails pushing Squid Game-themed Halloween costumes, online games, or sneak peeks of season two, as they may be carrying malware.

Kaspersky researchers spotted several dozen malicious files online claiming to be content related to the already famous show. But instead, the majority contained trojan downloaders that would install other malware on victims’ devices. Researchers said the other files included adware and bogus offers for Halloween costumes intended to steal sensitive data, such as credit card details.

One of the schemes offers an animation of the first game from the show. But, while you’re watching, a sneaky trojan is launched in the background to steal your data from the web browser and send it to the cybercrooks. Researchers added that the trojan also creates a shortcut that the attackers could use to launch the malware whenever you start up your system.

Hackers also disguised the malware in apps, games, and books available on third-party app stores. You’re led to believe that you’re downloading episodes of the show, but, in reality, they contain the same kind of data-stealing trojans.

TA575 Is Distributing Dridex Malware

Proofpoint researchers found that the cybercriminal group behind the campaign, TA575, is using Squid Game-themed lures in phishing emails to spread the infamous Dridex malware. They observed thousands of such phishing emails this week.

“Proofpoint identified the large cybercrime actor TA575 distributing Dridex malware using Squid Game lures. The threat actor is purporting to be entities associated with the Netflix global phenomenon using emails enticing targets to get early access to a new season of Squid Game or to become a part of the TV show casting,” Proofpoint writes in a blog post.

The emails used subjects such as:

  • Squid Game is back, watch new season before anyone else. 
  • Invite for Customer to access the new seasson. 
  • Squid game new season commercials casting preview 
  • Squid game scheduled season commercials talent cast schedule 

A new Squid Game-themed scam promises early access to content.

Netflix Squid Game email lure inviting customers to get early access to a new season. Credit: Proofpoint

Netflix Squid Game email lure soliciting actors and background talent to apply to be on the show or show commercials. Credit: Proofpoint

“The emails tell the victim to fill out either an attached document to get early access to the new season of the show or a talent form to become part of the background casting. The attachments are Excel documents with macros that, if enabled, will download the Dridex banking trojan affiliate id “22203” from Discord URLs,” researchers said.

One of the several Excel attachment lures observed in this campaign. Credit: Proofpoint

Proofpoint added that Dridex is a highly sophisticated and exceptionally effective banking trojan. Once it infects your device, it could be used for data theft or ransomware attacks.

“Dridex is a prolific banking trojan distributed by multiple affiliates that can lead to data theft and installation of follow-on malware such as ransomware.”

What To Do To Avoid Falling Victim

Cybersecurity experts say you should double-check the authenticity of the websites you’re sharing your personal info on. Also, only download movies from official sites. Hover your mouse over a link to see its real destination before clicking, so you know for sure you’re not heading to a spoofed site.

Stay away from links promising exclusive or early access to any content. Pay close attention to the file extension when downloading something. For instance, a video file will not have a .exe or .msi extension. Use security software to identify and block malicious attachments and phishing sites.
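The attachment checks described above (macro-enabled Excel lures and executable extensions on supposed media files) can be automated at the mail gateway. The following is an added example, not code from the article or from Proofpoint; the file names, addresses and message are constructed, and the attachment bodies are harmless placeholders.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .xls/.doc container header
EXEC_EXT = (".exe", ".msi")                     # extensions the article warns about

def has_macros(data: bytes) -> bool:
    """True if an OOXML workbook (a ZIP) carries VBA or Excel 4.0 macro parts."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = [n.lower() for n in z.namelist()]
    except zipfile.BadZipFile:
        return False
    return any(n.endswith("vbaproject.bin") or "/macrosheets/" in n for n in names)

def triage(raw_email: bytes) -> list:
    """Return (filename, reason) for every attachment that should be quarantined."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(EXEC_EXT):
            findings.append((name, "executable extension"))
        elif has_macros(data):
            findings.append((name, "workbook contains macros"))
        elif data.startswith(OLE_MAGIC):
            findings.append((name, "legacy OLE file, macros possible"))
    return findings

def build_sample() -> bytes:
    """Constructed test message; attachment bodies are harmless placeholders."""
    book = io.BytesIO()
    with zipfile.ZipFile(book, "w") as z:
        z.writestr("xl/workbook.xml", "<workbook/>")
        z.writestr("xl/vbaProject.bin", b"placeholder, not a real VBA project")
    msg = EmailMessage()
    msg["From"], msg["To"] = "lure@example.test", "user@example.test"
    msg["Subject"] = "Squid Game is back, watch new season before anyone else."
    msg.set_content("Fill out the attached form to get early access.")
    kw = {"maintype": "application", "subtype": "octet-stream"}
    msg.add_attachment(book.getvalue(), filename="early_access_form.xlsm", **kw)
    msg.add_attachment(b"MZ", filename="squid_game_ep1.mp4.exe", **kw)
    msg.add_attachment("costume sizes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in triage(build_sample()):
        print(f"HOLD {name}: {reason}")
```

The check inspects file content as well as names, so a macro-bearing workbook renamed to a harmless-looking extension is still held.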

And last but not least, implement security awareness training in your company.

Here are a few perks of choosing ATTACK Simulator:

  • Automated attack simulation – we simulate all kinds of cyberattacks.
  • Real-life scenarios – we evaluate users’ vulnerability to give company or personal data away using realistic web pages.
  • User behaviour analysis – we gather user data and compile it in extensive reports to give you a detailed picture of your employees’ security awareness level.
  • Malicious file replicas – our emails contain malware file replicas, to make the simulation as realistic as it can be.
  • Interactive lessons – if employees fail to recognize our traps and fall into one, they will discover lessons on the best security practices.
  • Brand impersonation – we impersonate popular brands to make the phishing simulations all the more realistic.

ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irreparable damage.

Put your employees to the test with our free security awareness training trial and determine where you stand against a phishing attack!


CNet: Researchers spot dangerous Squid Game-themed phishing emails

Proofpoint: TA575 Uses ‘Squid Game’ Lures to Distribute Dridex malware


Image by Chetraruc from Pixabay

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.
