Hackers are Targeting Piracy Apps to Install Malware and Steal Data

May 2, 2019

Hackers are tapping into a growing consumer trend: the use of illicit devices and apps to access pirated content to spread malware and exploit unsuspecting users, a Digital Citizens Alliance report found. Over the course of nine months, researchers observed malware from the piracy apps stealing user names and passwords, probing user networks and uploading data without consent.

Piracy devices are not only a threat to the legitimate content ecosystem but also to cybersecurity overall. With millions of devices – from phones, tablets and entertainment devices to smart TVs, thermostats and doorbells – entering the home, the ability of hackers to infiltrate a home via devices like the "Kodi box" is problematic.

The major findings of the investigation included the following:

As soon as a researcher downloaded the ad-supported illicit movie and live sports streaming app “Mobdro,” malware within the app forwarded the researcher’s WIFI network name and password to a server that appeared to be in Indonesia.
Malware probed the researcher’s network, searching for vulnerabilities that would enable it to access files and other devices. The malware uploaded, without permission, 1.5 terabytes of data from the researcher’s device.
It’s the users themselves who are assisting hackers by enabling them to bypass critical network security by connecting the devices directly to a home network.
The researchers uncovered a clever scheme that enabled criminals to pose as well-known streaming sites, such as Netflix, to facilitate illegal access to a legitimate subscription of an actual Netflix subscriber.
The shift towards piracy streaming mirrors the shift towards streaming overall. An estimated 12 million people in North America are active users of piracy apps and devices. Usage appears to come at a price: a Digital Citizens research survey of 2,073 Americans found that those who have used these devices and apps are six times more likely to have reported an issue with malware over the last 18 months.
Though a majority of Americans are somewhat familiar with these devices, they also aren’t familiar with how they work or the risks they could pose. According to Digital Citizens survey, 59 percent said, “most consumers are probably unaware of the security risks that can occur when plugging one of these devices into a home network, and if they did know, they would be much less likely to allow them in their home.”

While the threat is relatively new to illicit devices and pirate apps, the tactics follow a pattern that Digital Citizens found in prior research: bait consumers with offers of free content, infect those that take the bait with malware and steal vital personal information such as user names and passwords. In 2015, a Digital Citizens investigation found that 1 in 3 websites offering pirated content exposed consumers to malware that could steal personal and financial information and take over their computers to launch attacks.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.