Here's one group of fans George R. R. Martin may not want on the Game of Thrones bandwagon — the authors of the Locky ransomware.
According to a recent discovery from researchers at PhishMe, the group behind the Locky ransomware are big fans of HBO's hit series, so much so that they've peppered recent scripts with names of show characters and other references.
Researchers found these references in the Visual Basic script that comes part of a ZIP or RAR archive attached to email spam. If users open these emails, download the archive, and run the VB script contained within, the file would download and install the Locky ransomware.
Variable names found in this VB script reference the Game of Thrones show, such as "Aria," "SansaStark," "RobertBaration," "JohnSnow," or "HoldTheDoor" (aka Hodor).
Furthermore, the term "Throne" was used 70 times inside the script.
"The runtime for this script is indifferent to the variable names. The variable names could be anything, including completely random combinations of letters and numbers," says Victor Cornell, PhishMe researcher.
"However, the criminals responsible for this attack chose a distinctive theme for their variables, thereby revealing their interest in this pop culture phenomenon," the expert added.
According to independent security researcher MalwareHunter, the script has been deployed in live infections for some weeks.
File name: SCNMSG00001018.vbs
Image credits: HBO