CRW

Home Wiki

McDonald's Japan malware attack

View on consumerrights.wiki ↗

Contents3
  1. Incident
  2. Company response
  3. References
McDonald's Japan MP3 Player showcase from the advertisement.
McDonald's Japan MP3 Player showcase

In 2006, McDonald's in collaboration with Coca-Cola ran a promotion in Japan that lasted for 1 month. During this promotion, 10,000 winners obtained a USB-stick MP3 player.[1][2] When Japanese winners received their MP3 players and inserted them into their computers, it was discovered that the products additionally carried malware meant for Windows operating systems.[3][4][5]

Incident

On 4 August, 2006 across Japan, McDonald's collaborated with Coca-Cola to run a promotion which lasted until 31 August, 2006. During this promotion, customers would peel a code from a cup and type the code onto their website, with 10,000 selected winners obtaining a USB-stick MP3 player loaded with ten free songs.[1][2] Winners who received the McDonald's MP3 Player would be infected with a Trojan Horse called QQPass Trojan that would affect devices running the popular Windows versions at the time. QQPass Trojan worked to first disable the device's antivirus(es), and then if the user was running was QQ Instant Messenger, it would capture password information and forward it via e-mail to a malicious third-party.[3][4][5]

McDonald's Japan 2006 Cup Advertisement

Company response

On 7 August 2006, McDonald's issued a public apology for any consumers infected from the incident. The company offered a web link that removed the malware from computers and allowed winners to return their MP3 players for a free replacement.[6][7]

  • McDonald's Japan 2006 Google Translate Page apology and request for MP3 players.
    McDonald's Japan 2006 Google Translate Page apology and request for MP3 players.
  • McDonald's Japan Customer Support Page in 2006.
    McDonald's Japan Customer Support Page in 2006.
  • McDonald's Official Statement regarding 2006 Japan malware incident.
    McDonald's Official Statement regarding 2006 Japan malware incident.

References

  1. 1.0 1.1 Sayer, Peter (16 Oct 2006). "Worm eats its way into McDonald's MP3 player promotion". InfoWorld. Archived from the original on 22 Feb 2026. Retrieved 6 Mar 2026.
  2. 2.0 2.1 Loof (18 Jun 2023). "McDonald's Mp3 Virus | Info Comp". YouTube. Archived from the original on 7 Mar 2026. Retrieved 6 Mar 2026.
  3. 3.0 3.1 deVilla, Joey (16 Oct 2006). "Superspyware Me!". Global Nerdy. Archived from the original on 6 Aug 2025. Retrieved 6 Mar 2026.
  4. 4.0 4.1 Stevens, Chris (17 Oct 2006). "McDonalds' free Trojan: "Would you like malware with that?"". CNet. Archived from the original on 21 Aug 2025. Retrieved 6 Mar 2026.
  5. 5.0 5.1 Leyden, John (16 Oct 2006). "Spyware infection prompts McDonalds MP3 recall". The Register. Archived from the original on 23 Jan 2026. Retrieved 6 Mar 2026.
  6. Thomson, Iain (17 Oct 2006). "Free malware from McDonalds". ITpro. Archived from the original on 10 Jul 2025. Retrieved 6 Mar 2026.
  7. "McDonalds Unwittingly Distributes Contaminated Prizes". SPAMfighter. 26 Oct 2006. Archived from the original on 13 Feb 2026. Retrieved 6 Mar 2026.
Filed under