No Joker: Malware found in pirated Oscar-nominated movies

Joaquin Phoenix as Arthur Fleck acting out on a city bus.
(Image credit: Warner Bros. Entertainment Inc.)

Hey, have you seen the Joaquin Phoenix version of The Joker yet? He's craaaaazy!

And that's what you have to be if you try to download or stream the Joker movie for free from any number of illegal streaming sites, Kaspersky reported today (Feb. 6). 

Any site offering to stream the movie for free is probably going to be a phishing scam, and any movie file you're downloading for free is likely to be riddled (ha ha!) with malware.

On the other hand, Parasite, another Best Picture Oscar contender, is clean, despite its name. Kaspersky found no malicious "Parasite" files or streams.

Online crooks "always prey on something when it becomes a hot trend," said Kaspersky researcher Anton Ivanov. "To avoid being tricked by criminals, stick to legal streaming platforms and subscriptions to ensure you can enjoy a nice evening in front of the TV without having to worry about any threats."

If you're going to download movies from untrusted sources — and we don't recommend that you do — then make sure you are a) running one of the best antivirus programs, or one of the best Mac antivirus programs and b) scanning that downloaded file with said antivirus program before you open it. 

Kaspersky added a third tip, which is to make sure that the file has "an .avi, .mkv or .mp4 extension, or other video formats; definitely not .exe".

More than 300 fake Jokers

Overall, Kaspersky researchers found "more than 20" phishing websites that offered to stream you at least one of the nine Best Picture Oscar nominees, and 925 movie downloads that contained malware.  

The phishing sites asked you provide credit-card or personal details or fill out surveys, but none of them gave you the real movies at the end of the process. As for the file downloads, many will contain the real movie, but give you a little something extra as well. 

Screenshot of a pirated-movie streaming site.

(Image credit: Kaspersky)

Among all nine Best Picture Oscar nominees, Kaspersky researchers "found that Joker was the most popular film among cybercriminals with 304 malicious files named after the Gotham villain."

The World War I movie "1917 was second in this rating with 215 malicious files, and The Irishman was third with 179 files. Korean film Parasite did not have any malicious activity associated with it."

Sometimes it's easy to tell a free movie is fake. One Twitter account set up to promote free streams of The Irishman had this description of the Martin Scorsese gangster movie: "Sequel to the hit top imdb movie following four strangers who bond amid a postapocalyptic zombie outbreak." (That's the plot of Zombieland: Double Tap and probably a few other movies as well.) 

Screenshot of Twitter page offering free access to The Irishman.

(Image credit: Kaspersky)

Kaspersky also looked at the distribution over time of malicious file files, noticing spikes in Joker and 1917 fakes three weeks after each was released. 

The Irishman dipped two weeks after its release and stayed there, possibly because the movie soon became available on Netflix. Quentin Tarantino's Once Upon a Time ... in Hollywood saw an uptick four weeks after its release.

On the flip side, movies that didn't feature violent white men didn't have much appeal. The racing film Ford vs. Ferrari saw barely any interest, and Jojo Rabbit, Marriage Story and Little Women all flatlined. 

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.