The 'Barbie' movie is making everyone think pink. It may also give you a computer virus

With Barbie opening in theaters to massive numbers, global attention is being paid to everything about the blockbuster film tied to the nostalgic doll. Not surprisingly, cybercriminals have been busy exploiting the hype.

New research from online protection company McAfee found that in the three weeks leading up to the record-breaking opening last weekend, there were at least 100 new instances of malware with Barbie-related filenames, many of them deployed in an effort to hack into unwitting victims' computers and phones.

Although global in scale, more than one-third of them involved malware targeting users in the United States, according to blog posts from the company.

Fake Barbie websites, links and offers

Most of the scam attempts involved setting up fake Barbie websites, online offers and emails with links to download or buy something related to the popular doll and movie, Steve Grobman, McAfee's chief technology officer, told USA TODAY. He said it's just the latest variation of one of the oldest scams out there: cybercriminals target a specialized audience that they think is particularly emotional or vulnerable, including fans of a sports team, musician or cultural phenomenon, or those willing to help out victims of the latest natural disaster.

"Cybercriminals are always on the lookout for opportunities to make phishing and other scams more attractive and believable," said Grobman. "They often leverage popular and well-publicized events to trick users into clicking on malicious links. And Barbie is an attractive target. We are seeing a number of different cyber criminals using malware to largely steal data from people."

Moviegoers dressed up for the opening weekend of Greta Gerwig's "Barbie" movie.

"Barbie is an attractive target"

But McAfee researchers also discovered some more malicious scams recently, including offers that tempt consumers with free Barbie tickets or movie downloads that unleash malware known as Redline Stealer. And that off-the-shelf technology can be used to siphon personal data, login details and other key information from devices, web browsers, cryptocurrency wallets, and popular applications such as VPN, Grobman said.

Suzanne Spaulding, a former top Department of Homeland Security cybersecurity official, said such cyberscams are to be expected with something as commercially popular as the Barbie movie juggernaut. She praised McAfee for getting the word out, saying promoting increased awareness of such hacking efforts is the best way to limit their effectiveness.

"We often see these in the wake of a disaster, where people are motivated out of compassion, for example, to give money," said Spaulding, who led what is now known as DHS' Cybersecurity and Infrastructure Security Agency, or CISA, managing a $3 billion budget and a workforce of 18,000 charged with preventing attacks against U.S. government and civilian organizations.

Exploiting anything and everything they can

But while scammers are still looking to take advantage of efforts to help people in need, they are also exploiting anything that they think could cause people to click on a link and download malware that hopefully − in their minds − makes them money, Spaulding said. And Barbie fans, she said, are an obvious target.

"They're going to look for every target of opportunity," Spaulding said. "And so this is not surprising and it's good to be getting the word out because that's what we need to do."

Paul Rosenzweig, another former Homeland Security cybersecurity official, said it's not the first time cyberscammers have targeted the latest blockbuster. "We saw it with other earlier iconic movies like the Avengers series, where there was a similar effort to take advantage of the rubes going on," said Rosenzweig, a member of the Advisory Committee to the ABA’s Standing Committee on Law and National Security.

"Anytime people get emotionally engaged with something, whether it's a Barbie movie, or hurricane relief, they tend to become a bit more credulous and tend not to pay as much attention as they should. It happens all the time," Rosenzweig said.

A variety of Barbie cyberscams

McAfee researchers agree, and pointed to scam sites linked to the Super Bowl in the U.S., cryptocurrency scams that capitalized on hit shows like Squid Game, and the merchandise and streaming scams that pop up during FIFA’s Men’s and Women’s World Cup.

One of the most common new scams involves fake videos promoting bogus ticket offers, which are used to install spyware on a user's computer or phone and steal their personal information, McAfee's Jasdev Dhaliwal wrote in a July 20 post on the company's website.

In India, McAfee researchers found several examples of malicious campaigns attempting to trick victims into downloading the Barbie movie in different languages.

Educating the public about a new hustle − using old tactics

Grobman said McAfee is publicizing the new scams in an effort to educate the public − here and overseas − about how and why they are popping up so quickly. He said it's especially important to spread the word about the ways in which generative AI, or advanced artificial intelligence, is aiding and accelerating the pace and frequency of these kinds of cybercriminal actions.

For example, many cybercriminals live overseas and target Americans, whom they perceive as gullible and as having a lot of money to spend. But their phishing attempts are often clumsily worded, so much so that even the most uninformed potential victims don't click on the link provided and allow malware to infect their device.

"They've often had to use things like Google Translate or other translation services where you can pick up on the grammar not being right, whereas with generative AI, a scammer can now say, 'Write me an email saying 'I'm giving away 20 free Barbie movie tickets to the first person that does XYZ' and make it very specific to their intended victims," Grobman said.

In its online research reports, McAfee said consumers can protect themselves by only viewing sites – and clicking on links – affiliated with trusted retailers and streaming services. Also, it said, they should only purchase tickets from a theater chain or reputable ticketing app and be careful of “shoddy-looking” sites. They should view offers, promotions and giveaways with an especially critical eye. And above all, it said, they should make sure they have comprehensive online protection software that will defend against the latest virus, malware, spyware, and ransomware attacks.

Grobman said that in the spirit of the "Barbenheimer" phenomenon, McAfee's researchers also looked into whether cyberscammers were trying to use the movie about the father of the nuclear bomb to dupe unwitting fans into clicking on malware links. They found a few, he said, but the Barbie scams outnumbered those linked to "Oppenheimer" by at least 20 to 1. And they occurred in more than a dozen countries worldwide, including Malta, Chile, Malaysia, Japan, Mexico, India, Brazil and Canada. About 6% of them came from Canada, where lead actress Margot Robbie hails from.

"So while the malware isn't really new, and the scams aren't new, they're basically putting a Barbie facade on top of it in order to go after a tranche of users that might not have been victims previously − and who might be vulnerable to this sort of scam," Grobman said. "What the cybercriminals are doing is they're trying to have as wide an aperture as possible and targeting as many users as they can. And I think they see Barbie fans, folks that are interested in Barbie-related content, as being likely to fall for some of these."

This article originally appeared on USA TODAY: Barbie fever is overtaking the summer. It could infect your computer