Hackers are tapping into a growing consumer trend, the use of illicit streaming devices and apps to access pirated movies, TV shows and live programming, to spread malware and exploit unsuspecting users, a Digital Citizens Alliance investigation has found.
Over the course of its nine-month probe, Digital Citizens, a consumer-oriented coalition focused on educating the public and policymakers on the threats that consumers face on the Internet, observed malware from the piracy apps stealing user names and passwords, probing user networks and surreptitiously uploading data without consent. Investigators also found an illegal scheme to monetise stolen Netflix accounts and ads for premium brands.
The Digital Citizens investigation was conducted in conjunction with Dark Wolfe Consulting, a cybersecurity company that specialises in network security, penetration testing, and targeted malware collection via customized honeypots. The major findings of the investigation included the following:
The shift towards piracy streaming mirrors the shift towards streaming overall. An estimated 12 million people in North America are active users of piracy apps and devices. And usage appears to come at a price: a Digital Citizens research survey of 2,073 Americans found that those who have used these devices and apps are six times more likely to have reported an issue with malware over the last 18 months.
“What the investigation shows is that as piracy shifts from websites and downloads to devices and apps, hackers are adapting and finding new ways to exploit consumers,” said Tom Galvin, Executive Director of Digital Citizens. “Consumers think these devices are like an Apple TV or Roku device, but they have a distinct difference: they have little to no incentive to protect their users. In other words, they are perfect for hackers.”
Though a majority of Americans are somewhat familiar with these devices, they also aren’t familiar with how they work or the risks they could pose. According to Digital Citizens survey, 59 per cent said: “Most consumers are probably unaware of the security risks that can occur when plugging one of these devices into a home network, and if they did know, they would be much less likely to allow them in their home.”
While the threat is relatively new to illicit devices and pirate apps, the tactics follow a pattern that Digital Citizens found in prior research: bait consumers with offers of free content, infect those that take the bait with malware, and steal vital personal information such as user names and passwords. In 2015, a Digital Citizens investigation found that one in three websites offering pirated content exposed consumers to malware that could steal personal and financial information and take over their computers to launch attacks.
Given the emerging cybersecurity risks of piracy, additional research into the potential impact of Kodi-enabled devices and piracy apps is needed, says the Alliance. But even given what we know already, steps should be taken to limit the risk. These include: