- Film fans targeted by Efimer malware ahead of Oscars 2026
- Malware hosted on fake sites for Best Picture nominees
- Efimer can steal crypto, passwords and more
Film fans looking to catch up on all the year’s top films ahead of the Oscars 2026 have been warned to be on their guard against new cyber threats.
Experts at CyberNews have revealed a malware campaign dubbed Efimer, which targets people searching online for illegal downloads of this year’s Best Picture nominees.
Anyone looking for their fix of Marty Supreme, Sinners or Bugonia is actually putting themselves at risk of having their information and online accounts hacked, the experts warn.
Article continues below
Efimer on the hunt
In their write-up of the campaign, CyberNews noted how Efimer is “a classic honeypot” targeting those who want to make sure they haven’t missed the year’s biggest films.
“Instead of a high-definition rip, they are downloading a script that will attempt emptying their digital wallets,” the experts say.
Unusually, the danger of Efimer comes not from torrent sites, but from Google search, where unsuspecting film fans might find themselves clicking on a link to a malicious site pretending to host top movies.
In reality, hackers have weaponized SEO by hijacking vulnerable WordPress sites to spread malware, as legitimate business sites have been compromised through brute-force attacks to host fake torrent landing pages.
In total, 12.11% of Google results were found to be malicious, as the researchers say Efimer has used every single Best Picture 2026 nominee to widen its net – Marty Supreme was the most popular lure with 16 malicious links, followed by Bugonia with 15 and Sinners with 12.
Once on the malicious site, victims are told they need to install a “special player” to view the movie, but this is actually the Efimer malware in disguise. Once installed, Efimer monitors the user’s clipboard, and when it detects the victim is about to send a crypto transaction, it silently replaces the recipient’s address with the attacker’s.
The campaign only targets Windows users, who are told to be suspicious when clicking on unusual links, and ensure they have robust and reliable antivirus and firewall software installed and updated to the latest version.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
