threats
Gen Z, or “Zoomers”, are those born between ~1997 and 2012. That’s a 15-year age gap between the oldest and youngest. So what could they possibly have in common? Well, every member of Gen Z is a digital native. They barely remember a time before computers, smartphones, and social media. More than any other generation, Gen Z loves games (especially our own — Case 404 — we hope!), TV shows, and movies. Sometimes, they even shape their identities by constantly connecting with their favorite characters. Naturally, this level of immersion makes them a prime target for malicious actors.
Kaspersky experts have released two reports detailing how cybercriminals target Gen Z through their love of games, movies, TV shows, and anime. Check out the full versions of the first and second reports to dive deeper.
How gamers get attacked
In the one-year period from April 1, 2024, we recorded at least 19 million attempts to distribute malware disguised as games popular with Gen Z. The top three games targeted by these attacks were GTA, Minecraft, and Call of Duty, together accounting for a staggering 11.2 million attempts. So, why are these particular games at the top of both gamers’ and cybercriminals’ lists? We just might know the reason. They’re replayable; that is, players can dive back in any time and still get a fresh experience. Besides, these titles boast massive online communities. Players are constantly creating content, making mods, and searching for cheats and cracked versions.
One of the most common threats facing Gen Z gamers is phishing — where cybercriminals impersonate a trusted entity and tempt players with promises of free in-game rewards to lure them into sharing personal data. Enticing trade offers and easy ways to earn money are some of the most popular tricks used against gamers.
We uncovered a phishing site that looked eerily similar to a legitimate Riot Games campaign. The campaign aimed to blend two different universes: the game Valorant and the animated series Arcane. Players were invited to “spin the wheel” for a chance to win exclusive new skins. In reality, gamers who participated in this “contest” essentially handed over their gaming accounts, banking details, and phone numbers to third parties. Of course, they received no skins in return.
A beautiful background and recognizable characters — what more do you need to fall for a scam?
But it’s not just about scams. In November 2024, our experts from the Global Research and Analysis Team (GReAT) uncovered a campaign where attackers were distributing the Hexon stealer disguised as game installer files. Once installed, this malware attacked gaming platforms; for example, it could extract user data from Steam. On top of that, Hexon targeted messaging apps like Telegram and WhatsApp, and other social media platforms, such as TikTok, YouTube, Instagram, and Discord.
These fake installers flooded gaming forums, chats on Signal and Telegram, Discord channels, and popular file-sharing sites. The cybercriminals promoted the Hexon stealer using a malware-as-a-service model, where some malicious actors provide malware to others — often less tech-savvy ones — for a fee.
Example of attackers’ message in a Discord channel
Interestingly, a short while later, the creator of Hexon announced a rebrand. The stealer was now called “Leet”, and was offered at a 50% discount. Unlike its predecessor, the updated version can bypass sandboxes by checking the infected device’s public IP address and system specifications. If the stealer detects signs of being in a virtual machine, it shuts down immediately.
How movie, TV show, and anime fans get attacked
We dug into some data provided by the Kaspersky Network Security (KSN) — our global threat intelligence network which processes cyberthreat information from every corner of the world. We analyzed the data for the same one-year period starting April 1, 2024, and here’s what we found:
- Netflix was dangled as bait in about 85 000 attacks. That’s nearly 233 times a day.
- Gen Zers aren’t the only ones passionate about anime. Cybercriminals are big fans too, with 250 000 attacks recorded during the reporting period.
- The total number of leaked streaming-service accounts exceeded seven million.
When it comes to the most exploited streaming platforms, alongside Netflix, we found Amazon Prime Video, Disney+, Apple TV+, and HBO Max at the top of the list. Scammers used these brand names in their campaigns throughout the year, with no significant peaks or troughs in popularity. Mostly, they used a classic approach: sending phishing links to fake websites while pretending to represent a streaming platform. The pretexts, however, varied. In some instances, attackers would prompt users to renew their subscriptions or update payment details — only to direct them to a fake site to do so. Such emails often mimicked the streaming service’s official style, making it easy to miss the red flags.
Phishing website imitating the official Netflix page
Beyond just harvesting personal data, these bad actors also distributed various malware. RiskTool was a big one, accounting for around 80% of all attempts. While not malicious on its own, it’s often used in conjunction with other threats, such as miners, helping them conceal their presence in the infected system.
Many of the attacks were designed to steal users’ personal information. We uncovered roughly seven million compromised accounts across Netflix, Amazon Prime Video, Disney+, Apple TV+, and HBO Max. Stolen accounts are typically used by cybercriminals to spread phishing links and malware to more users, or they’re sold off to other malicious actors at a low price.
Anime fans weren’t spared by the digital villains, either. Unsurprisingly so — recent data shows that over 65% of Gen Z watch anime. To gauge just how often attackers targeted fans of Japanese animation, we focused on five popular anime titles: Naruto, One Piece, Demon Slayer, Attack on Titan, and Jujutsu Kaisen. We recorded over 250 000 attack attempts centered around just these five titles. The undisputed leader? Naruto, with over 114 000 attempts.
How Gen Zers can stay cybersafe
Zoomers should protect themselves in the same way as everyone else who enjoys TV shows, games, movies, and anime, and is generally active online. Here’s a short list of the “golden rules” to help protect your accounts, banking details, and devices from prying eyes.
(If you want to learn more about cybersecurity, try your hand as a detective in our new, free browser-game, Case 404. It features three storylines, each showing what can go wrong when you skip out on proper digital hygiene. But for now, let’s get back to those rules.)
- Stick to official sources when downloading games, TV shows, and anime. Seriously, ditch the torrents, sketchy third-party sites, and random links strangers share on forums and in chats. And here’s a heads-up: even official game stores can sometimes get infiltrated by malware. To learn more, read Gamers beware: Trojans have invaded Steam.
- Enable two-factor authentication (2FA) everywhere you can. By the way, tokens can be conveniently stored in Kaspersky Password Manager.
- Remember the adage about a free lunch? Yep — there’s no such thing. Be skeptical of giveaways of skins, cheats, in-game currency, or supposedly leaked episodes of your favorite TV show or anime.
- When you’re paying online, only use virtual cards with spending limits. That way, your main bank account stays safe — even if something goes sideways.
- Use robust security. A security solution will warn you when you’re about to open a phishing website, and help you detect threats in time, even if they’ve already made their way onto your device.
- Read the full reports on attacks targeting Gen Z. The report on movies, TV shows, and anime is here, and the one on gaming attacks can be found here.
The last, but perhaps one of the most important, rules is to stay one step ahead. Subscribe to our Telegram channel to make your online life safer.
How else attackers target Gen Z as well as other demographic groups:
