Ioanna is a writer at TNW. She covers the full spectrum of the European tech ecosystem, with a particular interest in startups, sustainabili Ioanna is a writer at TNW. She covers the full spectrum of the European tech ecosystem, with a particular interest in startups, sustainability, green tech, AI, and EU policy. With a background in the humanities, she has a soft spot for social impact-enabling technologies.
Squid Game, Neftlix’s sensational survival drama, has officially become the platform’s most watched show ever. And rightfully so. If only I could unwatch it and watch it again from the beginning…
But Squid Game’s global popularity sadly has a negative side: cybercriminals are ramping up their efforts to scam fans of the show.
There are six games in the Squid Game, so we have selected for you the six most prominent related scams. Falling for them won’t cost you your life as in the show, but your money and your personal data will certainly be on the line.
Red light, green light — let’s begin.
1. The crypto scam
A cryptocurrency inspired by the show lured enough investors to see its value rocketing to $2,856 just a few days after its launch on October 20. In fact, it jumped 310,000% in value last Sunday.
And then suddenly on Monday morning, the digital token collapsed after Twitter flagged the cryptocurrency’s account and temporarily blocked it due to “suspicious activity.”
And guess what. The token’s website and social accounts have disappeared.
According to Gizmodo, the scammers behind Squid seem to have made it off with an estimated $3.38 million. Well, that’s not equal to the $38 million (45.6 billion won) the actual Squid Game was offering, but it’s certainly enough for a comfortable life.
In the crypto word this type of scam is know as a “rug pull” or “pump and dump” scam. It’s basically when a token’s creators abandon a project, cash out the investor’s fund, and… run away.
Jake Moore, Cybersecurity Specialist at global cybersecurity firm, ESET, told us:
So called “pump and dump” cons are usually tied in with the latest trends to attract more attention but this in fact should be the warning needed to alert potential buyers into avoiding them. People need to be mindful of the perils that come with cryptocurrencies and stick to well-reviewed known coins and exchanges.
The Squid was presented as a pay-to-play token for an online game based on the show. Naturally the game’s website, SquidGame.cash, has also disappeared. You can find an archived version here.
While there were many signs that Squid was a scam, unfortunately the frenzy over the show enabled the cybercriminals to get away with some big money.
2. Joker malware detected in Squid Game app on Google Play
The so-called Joker malware is basically a Trojan malware that infiltrates users’ devices through an infected application. It then collects and stores data from the device, and uses them to make premium subscriptions without the users’ knowledge or consent.
The malware was spotted by Lukas Stefanko, Malware Researcher at ESET, in an application called “Squid Wallpaper 4K HD.”
Squid Game themed Android Joker
1) downloads and executes native lib
2) native lib downloads and executes apk payload
Running this app on device might result in malicious ad-fraud and/or unwanted SMS subscription actionshttps://t.co/PTDtPlUkBy pic.twitter.com/AFs8gkEuab
— Lukas Stefanko (@LukasStefanko) October 19, 2021
Google has removed the app from Play Store, but as Stefanko has also pointed out there are more than 200 Squid Game-related apps, which means an equal number of scam opportunities.
Over 200 #SquidGame related apps are available on Google Play
Seems like a great opportunity to make money on in-app ads from one of the most popular TV show without official game.
The most downloaded of them reached 1M installs in 10 days. Its game play is not that well handled pic.twitter.com/gCOYXXaVHY
— Lukas Stefanko (@LukasStefanko) October 19, 2021
3. Fraudulent streaming sites
Cybersecurity firm Kasperksy has also spotted various scams. An example are fake streaming websites that harvest data, or pirated episode downloads packed with malware.
According to the company’s report, those downloads can install malicious files — mostly in the form of Trojans — on Windows systems and even steal passwords or other sensitive information. And in some cases:
A shortcut was also created in one of the folders, which could be used to launch the Trojan every time the system was started.
4. Phishing schemes in fake online games
Kaspersky has found several websites that invite visitors to play online versions of the Squid Game in order to “win” prizes in crypto such as 100 Binance coins (approximately $48,000).
Yes, Binance that’s still under investigation by the U.S. Department of Justice and the Internal Revenue Service for tax evasion and money laundering.
Players are required to sign up, which means to provide personal data, which can result in cybercrimes like identity theft.
5. Fake Squid Game online stores
This is my favorite. As it turns out, there are fraudulent Squid Game merchandize online stores, and the most ‘successful’ ones are those selling Halloween costumes inspired by the show.
According to the report:
Targets end up sharing with cybercriminals their banking and personal identity information since they are asked to provide card details and personal data, including an email address, residence address, and full name.
So again, consumers risk losing their money and turning over personal information.
6. “Season two frenzy” scams
Another cybersecurity firm, Proofpoint, has warned about numerous “season two” scams. And let’s keep in mind here that neither Netflix, nor the show’s creator Hwang Dong-hyuk have confirmed a second season.
Proofpoint reports that thousands of fans, mainly in the US, have been hit with an email asking them to fill out an attached Excel document for access… to season two. It says:
Get early access to the new season Squid Game. New storyline, new game, new challenges. Please fill out a short document to gain access.
If the document is downloaded, the device gets infected with a Dridex Trojan virus (which mainly targets banking information) and a series of other ransomware and malware.
And if that’s not enough, there’s another email going round asking people to register their interest to audition for the show’s next season. You know what’s coming — attached is an Excel spreadsheet.
One word to say for both: phishing.
I think I speak for everyone when I say “no, scammers, we’re not gonna play
Squid Scam Game!”
Do EVs excite your electrons? Do ebikes get your wheels spinning? Do self-driving cars get you all charged up?
Then you need the weekly SHIFT newsletter in your life. Click here to sign up.
Get the TNW newsletter
Get the most important tech news in your inbox each week.