Beware Fake Movie Streaming Sites Like BazaLoader and BravoMovies

When it comes to stealing your data, cybercriminals always have a new scam up their sleeves. One of their favorite tools is fake movie streaming websites. Given the popularity of movie streaming services, it’s not particularly surprising that criminal hackers have sought to lure unsuspecting users to their fake sites.

At first glance, many of these fake websites look like legitimate streaming services such as Netflix or Amazon Prime Video. However, upon closer inspection, they aren’t what they seem. Instead, the goal of these platforms is to install malware on your computer, enabling criminals to steal your personal information. Here’s what you need to know about the world of fake movie streaming sites.

BravoMovies: An Example of Hackers Streaming

BravoMovies hacker streaming website homepage

The fake streaming site BravoMovies is one of the most brazen attempts to trick users into installing the BazaLoader malware on their computers. The cybercriminals behind the BravoMovies platform succeeded in creating a realistic-looking platform that mimics legitimate streaming websites and even displayed movie titles on the landing page.

The hackers behind the fake streaming site used an email campaign to target users claiming their subscription to BravoMovies was ending and if they didn’t act, their credit cards would be charged for a premium plan.

The emails users received didn’t include malicious links, harmful attachments, or anything else that would set off Gmail alarms, allowing the emails to bypass Google’s security screening.


Fake email sent by BravoMovies to lure people to fake streaming website

They even included a phone number users could call if they wanted to cancel their subscription. If a user called the number, they were connected with a call center the group controlled. Instead of canceling their subscription on the phone, the person who answered directed users to the BravoMovies FAQ page, where users could cancel the service.

Related: Don’t Be Fooled by These Advanced Phishing Techniques

But the FAQ page directed users to download an Excel file that enabled micros which installed BazaLoader onto the target computer.

BravoMovies fake streaming website directs users to cancel in two clicks and downloads BazaLoader trojan

This isn’t the first time the group behind BravoLoader has created a fake website, but it is its first fake streaming movie streaming site and the most complex website the group has created to date.

Since the group has experienced success with BravoMovies, they will likely create most fake websites in the future.

What Is Fake Hacking?

Clicking on an email that tricks you into visiting a malware-infested hackers streaming website isn’t the only method cybercriminals use to trick you into giving up your personal information.

Fake hacking is another way a hacker could convince you to part with your data or money and, like the BravoMovie scam, it often involves hackers setting up a fraudulent website. However, in this scenario, the hackers want you to believe your computer or device has been infiltrated by malware, even when that’s not the case.

Related: How Hackers Are Using Our Own Technology Against Us

If a cybercriminal can convince you that you’ve been hacked, you may be tempted to transfer money, cryptocurrency, or something else of value to unlock your computer. Here are a few ways a fake hacker may try to trick you into believing you’ve been hacked:

  • A pop-up window on your screen that claims you’ve been hacked, that your computer is infected with malware or ransomware. These pop-ups usually come from adware installed on your device.
  • You receive an email saying your computer has been hacked or ransomware has been installed on your computer.
  • They use a hacker typer: a website, app, or tool that can be used to trick someone into believing they’ve been hacked.
  • If you mistakenly visit a fake website, an alert may appear warning you that your computer has been hacked and direct you to steps to fix the problem.

Hacker typer fake hacking website for pranking people to make them believe they've been hacked

If you don’t know the signs to look for, it’s easy to fall victim to a fake hack, resulting in a loss of money or buying services you don’t need because you think they’ll help you resolve the hack. Anyone asking you for money in exchange for freeing your computer from ransomware should raise a red flag as a possible fake attack.

If you’ve suffered a real hack, there will be noticeable changes to your system that won’t appear during a fake hack. If your computer is operating normally after someone claims they’ve hacked you, you’re potentially dealing with a fake hack.

Don’t Be Tempted by Fake Streaming Websites

From spoofs of legitimate websites to hacker streaming sites like BravoMovies, there are always threats lurking online. Any time you receive an email directing you to call a number to prevent your credit card from being charged for a service you haven’t subscribed to or recognize, be sure you double-check that it’s legitimate.

You should also be on the lookout for suspicious-looking websites, often minor spelling errors, or an unsecured URL (HTTP instead of HTTPS). If you suspect a website is fraudulent, don’t click on any of the links. Cybercriminals will continue to refine their tools and create more convincing scams. Your job as a consumer is to do your best to thwart their attempts.

frustrated woman looking at laptop screen
11 Signs a Website Might Be Untrustworthy

With so many websites online these days, it can be hard to tell which ones you can trust. So, here are 11 signs a website might be untrustworthy.

Read Next

About The Author

Leave a Comment