Ebooks with Fake Links Pulled from Kindle Store
Graphic novel fans, particularly those Kindle readers who adore the popular John Wick series, may have unknowingly downloaded fake ebooks promising them the opportunity to stream the third film installment prior to its release in May, according to Malwarebytes.
The empty promise could do more than disappoint fans, though. According to researchers, the ebooks, which varied in price, actually sent the reader down a rabbit hole of malicious links to illicit sites claiming to offer streaming services.
It’s not unheard of for scammers to target the Kindle store, but historically the goal has been to steal authors’ content. This new tactic of packaging fake movie links in ebooks poses a different kind of threat.
“Roughly 40 or more individual items were uploaded from around January 25 to February 2, each one from a different 'author.' At first glance, you might think you’re looking at movies, thanks to the play button icon on each image preview. The fact that each entry is called something along the lines of “John Wick 3: free movie HD” probably helps, too,” wrote Malwarebytes lead malware intelligence analyst Chris Boyd.
Infosecurity contacted Amazon, which reportedly addressed the issue internally, though battling fake ebooks is nothing new for the online megastore. In his February 4 blog post, Boyd said, “It’s tricky to flag dubious content on the Kindle store, as you have to report each title individually and give reasons. We contacted Amazon customer support and have been informed these e-books have been escalated to the appropriate teams.”
As of today, search results appear to have been removed, but Boyd said, “We've also since found references to a similar eBook claiming to be a 'Spider-Man far from home' HD movie, which has also been removed. It's quite possible the scammers behind this may start taking aim at other big name film titles. Kindle owners should always check out a preview whenever possible, and not waste their money on anything proving nothing but a link to a streaming website."
Source: Information Security Magazine