14 DAY TRIAL // Security researchers warn about the increasing prevalence of fake movie download and streaming websites, which scam money from users or trick them into installing spyware on their computers.
People searching for information about new movies online commonly end up on such rogue pages, which are pushed at the top of search results through black hat search engine optimization (BHSEO) techniques.
According to researchers from cloud security provider Zscaler, the most prominent free movie fraud ring operates websites like letmewatchthis.com, letbobwatchthis.com, letbobwatchthis.org, movie-source.org, letswatchsomething.com or hatfilmsite.org.
These sites contain movie catalogs, complete with information like description, release date, cast, posters, etc., that is aggregated from various sources.
Clicking the flashy "Download Now" buttons displayed on these pages direct users to other sites where they are encouraged to download a browser add-on called "ClickPotato."
"The ClickPotato add-on gives you FREE and unlimited access to all of the most popular TV shows and films online!" the description reads.
This add-on is actually a spyware application from the Hotbar family, which monitors user behavior and browsing habits. Other adware components are installed along with it.
Refusing the "ClickPotato" download takes users to a different website, that pushes another spyware application disguised as the popular VLC media player.
Other scams claim to offer online streaming for movies, as soon as they come out in theaters. These fake services are offered as a paid monthly subscription.
Users who fall for such tricks, not only part with their money, but end up compromising their credit card details in the process and exposing themselves to even more abuse.
"There are no shortage of video sites with too-good-to-be-true offers. There are only a few sites which offer legal TV or film streaming or downloading (iTunes, Amazon, etc.), and even fewer with free offers (Hulu, etc.).
"If you see offers from other sites, be aware that you will probably end up installing spyware and/or pay for something you will not actually get," advises Julien Sobrier, senior security researcher at Zscaler.