Fake online streaming service tricks users into signing a check in blank

Fake web player redirects users towards compromised html pages to steal credit card credentials

Movies are the favorite pastime for a lot of people. With the advent of high-speed Internet, many movie aficionados turn from DVDs to online streaming, but sometimes, while hunting for the greatest and meanest movie titles, they might stumble upon digital traps, and the promise of a free of charge service might be deadly for the users’ saving.

A simple Google search for good media players proved however to be a bad idea. Amongst the hits there was a site offering an online video player by the name of Web Player. The problem is that, despite the EULA and a multitude of identification data, this software is in fact a malicious piece of code (baptized by Bitdefender as Trojan.FakePlayer.B). And once installed, it asks users to log in with an email address and a password.

EULA and login window of the fake Web Player

No matter what data the victim types in, he is redirected towards an html page that allegedly offers free of charge movie online player for a variety of classics and new releases. The html page is not always the same. Bitdefender has identified more than half a dozen of them by now. Apparently the crooks built several such sites; in case one is blocked by antivirus vendors, there is another one up.

These websites look more or less the same. Their names are different, but the content is strikingly similar. They offer movies for rental or online watching. Once registered, the big guns are ousted as the user needs to provide certain credit card data. This would be a very big mistake. At this point the user will end up paying for a fake service while all the critical credit card data is stored somewhere on a crooks’ server. Crooks will afterwards be able to access these accounts and take money without owners’ consent.

In order to avoid this kind of threats, users need to install a good anti-virus solution, with a solid firewall module and keep it updated at all times. Plus they need to avoid installing any software application that is suggested to them as a pop-up once online especially if they haven’t searched for it.

This article is based on the technical information provided courtesy of Doina Cosovan, Bitdefender Virus Analyst.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.