Skip to main content

It's a TRAP! Rise of Skywalker malware is spreading

(Image credit: Lucasfilm)

Now that Star Wars: The Rise of Skywalker is upon us, cybercriminals are just as eager to cash in on the new film as Disney itself, using promises of free movie downloads to spread malware and steal credit cards. (A new Star Trek film would (maybe) never do this to you.)

Kaspersky, a Moscow-based security firm with a U.S. office in Woburn, Massachusetts, released a detailed blog post yesterday (Dec. 19) about Rise of Skywalker scams. 

They're nothing terribly new: A shady site or social media account promises a free download of a hot new movie. Then it either steals your credit-card information or infects your computer with a malicious program.

Naturally, the easiest way to avoid this scheme is simply to pay real money to see The Rise of Skywalker in theaters. If you refuse to pay for the film (as I do), then you'll have to wait until it comes out on DVD and take it out of your local library or borrow it from a friend.

As time goes on, no doubt some shady sites will host real copies of the movie. I still wouldn't recommend using these sites as they tend to be havens for adware, spyware and malvertising, even at the best of times.

The rise of Star Wars scams

If you've never gone down the rabbit hole of pirated film scams, it goes something like this: You go searching for "Star Wars: Rise of the Skywalker free download" or something similar on Google. 

Or you see a post like "watch Star Wars: The Rise of Skywalker online FrEE" on Twitter. Or a spambot randomly posts a link to watch the film in a tangentially related discussion on Facebook.

Whatever the reason, you find yourself at some sleazy website, with a thousand pop-up ads that all lead to niche porn sites, and some kind of media player beneath all that with a screenshot from The Rise of Skywalker trailer

When you click on the Skywalker image, one of two things will happen: It will prompt you to download a "video player" with an EXE file extension, or it will bring you to a portal page where you need to enter your credit card information for "verification." 

Neither option leads to a good outcome. The EXE is malware that will draft your computer into a botnet, force it to mine cryptocurrency, or install a backdoor to steal your information or download more malware. 

The portal page will steal your credit card information before sending you back to an infinite loop of registration pages. Neither option will show you how the Skywalker saga finally ends.

Less is more

People have actually fallen for this scam. So far, Kaspersky has measured 83 users who have downloaded 65 different malicious files from more than 30 different sites and social-media accounts promising free Skywalker. That doesn't count how many others may have handed over their credit cards.

Compared to last year, these Star Wars scams have targeted fewer fans and employed fewer malicious files but have gotten better results. The reason for this is pretty simple: There's a new Star Wars movie this year.

The bottom line is that Star Wars: The Rise of Skywalker won't be available as a free download any time soon, and it'll probably never be available as a free download from a reputable site.

In other words: I've flown from one side of this galaxy to the other. I've seen a lot of strange stuff, but I've never seen anything to make me believe that Disney would give away a Star Wars movie for free.