Anime fans beware: cybercriminals exploit popular titles with malware

As the release of Demon Slayer: Infinity Castle approaches, a new report from cybersecurity firm Kaspersky reveals a surge in cyber-attacks targeting Generation Z viewers through popular anime titles. Cybercriminals are exploiting the immense popularity of anime, disguising malware as legitimate content and luring fans with promises of free downloads and exclusive access.

What are the anime titles most targeted?

Kaspersky's findings indicate over 250,000 attack attempts using popular anime titles between Q2 2024 and Q1 2025, a figure nearly six times higher than attacks disguised as non-anime films and TV series. Naruto accounted for the highest number of incidents with 114,216 attacks, followed by Demon Slayer (44,200), Attack on Titan (39,433), One Piece (29,886) and Jujutsu Kaisen (24,196). These phishing schemes entice fans with offers of high-quality anime episodes, leading them to download malicious files or compromise personal data.

Gen Z, who watch more anime than any other generation, are particularly vulnerable. The fluctuating legal availability of anime titles, coupled with rising streaming platform fees, drives many to seek alternative viewing methods. Cybercriminals capitalise on this by creating fake streaming links and downloads that appear legitimate. "As the world of entertainment continues to evolve, so do the tactics used by cybercriminals to exploit popular content, whether through fake downloads or fraudulent merchandise offers," stated Vasily Kolesnikov, a security expert at Kaspersky.

Beyond new releases, classics like Naruto and Attack on Titan are also weaponised, targeting viewers looking to rewatch or discover old episodes. Kaspersky also detected 96,288 attempts to distribute malicious files disguised as major streaming platforms such as Netflix and Disney+. To combat this, Kaspersky has launched Case 404, an interactive game designed to educate Gen Z about cybersecurity risks.

Fans are urged to use legitimate, paid streaming subscriptions and verify website authenticity before entering personal information. Always check URLs and company name spellings to avoid phishing sites and be wary of video files with unusual extensions like .exe or .msi.