Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed


Avengers: Endgame Scam

Avengers: Endgame was released in the US on April 22nd and has quickly become one of the most successful movies of all time. It is no surprise that attackers are attempting to take advantage of the broad fanbase that the Avengers series has developed. When users are Googling “Avengers: Endgame free download” many of them are coming across a page that proclaims to be a free download or an online player displaying the movie. However, instead of beginning to play, a window opens that asks the potential viewer to create an account before they can continue. Their email address and password are then asked for along with their billing information such as credit card number, expiry date, CVV number, in order to validate the account. The fake page then assures the users they will not be charged and the information they were required to provide was simply for verification purposes. Once this process is finished, the movie is never streamed and the information that was input is now accessible by the scammer.

Analyst Notes

Users should never provide information to unfamiliar sites, especially those asking for credit card information. Passwords should be changed using complex formats and never be duplicated. Antivirus platforms can be implemented to help thwart these scam attempts.