HBO’s Game of Thrones may have finally ended its run after a decade, but fans of the show who tried to catch up on the series’ final episodes, or to relive it all again, by downloading episodes illegally were treated to malware attacks instead of the actual episode, according to a study by Moscow-based cybersecurity firm Kaspersky Lab.

In a press release, the company noted that while spikes in the number of attacks were recorded every time a new episode premiered, some episodes proved to be more toxic than others: “the third episode trigger[ed] the highest number of detected attempts to attack users, reaching 3,000 attacks a day at its peak.”

The third episode of the eighth season, “The Long Night,” saw the remaining characters of the show take a stand against the Night King and his army of White Walkers, who were determined to put an end to humanity.

“Overall, after tracking associated malicious activity through the entire eighth season, Kaspersky Lab researchers have found that the average daily number of attacks on users that involved malware disguised as an episode of Game of Thrones was around 300 to 400. This number jumped to around 1,200 for the three to four days following the release of each new episode: a three- to four-fold increase in malicious activity,” the company said.

The company also said that it noticed a similar attack vector used with both the series and the recently released film Avengers: Endgame: users are invited to watch newly released episodes for free through offers that are actually designed to extract sensitive data from them.

“Typically, the online-player icon shows a scene from the TV show and redirects the victim to a registration page, later asking for bank card details with the CVC/CVV-code, claiming it is only for validation purposes,” it said.

“We see shared TTPs (tactics, techniques and procedures) across the phishing websites where scammers try to steal users’ details by promising a pirated movie before its official premiere. We believe there is a certain group of threat actors that methodically hunts fans of popular movies and TV productions, adjusting schemes dynamically according to pop-cultural happenings,” said Tatyana Sidorina, security researcher at Kaspersky Lab, in the release.

To avoid falling victim to such schemes and putting one’s cybersecurity at risk, Kaspersky Lab advised users to “avoid questionable websites, especially the ones that distribute pirated content.”

They also said to not enter any information — especially credit card details — on websites “you have no reason to trust,” not to use the same password for different web pages, and, finally, “use [a] reliable antivirus software with protection from online scams and phishing.” — ZBC