A report from cybersecurity company Proofpoint says that it’s observed a “targeted email campaign” that is using details of leaked Game of Thrones episodes to try and spread malware to unsuspecting users.
The company first came across an e-mail on August 10th with the subject line "Wanna see the Game of Thrones in advance?" The emails contained some general details of upcoming episodes, as well as a Microsoft Word attachment with malware hidden in it. Once downloaded, it would attempt to install a “9002” remote access Trojan (RAT). Proofpoint says that similar attacks in the past have been attributed to groups associated with the Chinese government, and that it’s possible that this attack could be coming from the same actors.
At the end of July, hackers stole 1.5 terabytes of data from HBO, including contact information for the show’s stars, unaired episodes and scripts, while an unrelated accident allowed a pair of episodes to leak to the internet earlier this month.
Proofpoint isn’t saying that HBO’s breaches and these attacks are connected. The hackers behind these phishing attempts are using the leaks as a way to get people to click on and accidentally install their software, relying on natural human curiosity to carry out their attack.