Kanye West’s Donda, the most anticipated album release of the year, is not only for music fans but scammers.
Cybersecurity firm Kaspersky warns of cybercriminals taking advantage of the album release to spread files with various threats such as phishing under the guise of Donda.
In a statement, Kaspersky said with the hype surrounding the upcoming album, it decided to investigate whether cybercriminals are taking advantage of the album release to spread malware.
“Even though experts did not notice huge interest from scammers, during the period from July to August 2021, they managed to find several examples of fake downloads and fraudulent links masquerading as the album,” it said.
Experts found two adware files that disguised themselves as a media file with a new track:
- Download-File-KanyeWestDONDA320.zip_88481.msi
- Kanye West _ DONDA (Explicit) (2021) Mp3 320kbps [PMEDIA] __ – Downloader.exe
The statement also highlighted other types of scams that can come in different disguises. Users are tricked into clicking on links which download malware to their computers or mobile devices.
In the first type of scam, Kaspersky said users receive a link to download the “album”, and are asked to participate in a survey and confirm they are not a robot. The survey includes a series of questions, such as: “how much do you earn” and “do you want to become rich?” After the survey is completed, a user is directed to a scam website to make money on bitcoins but the link to the album never appears. If users fall for the offer of becoming a bitcoin millionaire and enter personal data, they may lose their money and not get access to the album.
In the second type of scam, a user finds a link to an archive with an album. But in reality, this archive will be infected with malware. After unpacking it, the user’s device will be infected.
Kaspersky has prepared a few simple tips on staying safe from online scams:
- It’s safer to access content from official platforms only, like Apple’s App Store, Google Play, Spotify, Apple Music, etc. Apps. Files on these are not 100% failsafe but at least they get checked and filtered by the digital platforms.
- It is a good idea to check the link before clicking. Hover over it to preview the URL, and look for misspelling or other irregularities.
- Sometimes e-mails and websites look just like real ones. It depends on how well the criminals did their homework. But the hyperlinks, most likely, will be incorrect with spelling mistakes, or they can redirect you to a different place.
- Try not to open unexpected files sent by your friends or relatives. They may be ransomware or even spyware, just like attachments from what looks like official-looking e-mails.
- Install a trusted security solution that can detect phishing and malicious content. These secure solutions are necessary to be able to solve the majority of problems automatically and alert you on suspicious activity.