Hackers using piracy devices and apps to infect users with malware

Thursday, April 25th, 2019

Boxed In: Hackers Targeting Piracy Devices and Apps to Infect Users with Malware, Report Finds

  • Millions of Kodi Boxes and Jailbroken Fire TV Sticks Offer New Avenues for Hackers to Steal User Names and Passwords and Breach Networks
  • Piracy and Malware Correlation? Users of Piracy Devices and Apps are Six Times More Likely to Report Trouble with Malware, Research Finds
  • Illegal Scheme Uncovered to Monetize Stolen Netflix Accounts

WASHINGTON, DC — Hackers are tapping into a growing consumer trend, the use of illicit devices and apps to access pirated movies, TV shows and live programming, to spread malware and exploit unsuspecting users, a Digital Citizens Alliance investigation has found. Over the course of its nine-month probe, Digital Citizens observed malware from the piracy apps stealing user names and passwords, probing user networks and surreptitiously uploading data without consent. Investigators also found an illegal scheme to monetize stolen Netflix accounts and ads for premium brands.

The Digital Citizens investigation was conducted in conjunction with Dark Wolfe Consulting, a cybersecurity company that specializes in network security, penetration testing, and targeted malware collection via customized honeypots. The major findings of the investigation included the following:

  • As soon as a researcher downloaded the ad-supported illicit movie and live sports streaming app “Mobdro,” malware within the app forwarded the researcher’s Wi-Fi network name and password to a server that appeared to be in Indonesia.
  • Malware probed the researcher’s network, searching for vulnerabilities that would enable it to access files and other devices. The malware uploaded, without permission, 1.5 terabytes of data from the researcher’s device.
  • It’s the users themselves who are assisting hackers by enabling them to bypass critical network security by connecting the devices directly to a home network.
  • The researchers uncovered a clever scheme that enabled criminals to pose as well-known streaming sites, such as Netflix, to facilitate illegal access to a legitimate subscription of an actual Netflix subscriber.

The shift towards piracy streaming mirrors the shift towards streaming overall. An estimated 12 million people in North America are active users of piracy apps and devices. And usage appears to come at a price: a Digital Citizens research survey of 2,073 Americans found that those who have used these devices and apps are six times more likely to have reported an issue with malware over the last 18 months.

“What the investigation shows is that as piracy shifts from websites and downloads to devices and apps, hackers are adapting and finding new ways to exploit consumers,” said Tom Galvin, Executive Director of Digital Citizens. “Consumers think these devices are like an Apple TV or Roku device, but they have a distinct difference: they have little to no incentive to protect their users. In other words, they are perfect for hackers.”

Though a majority of Americans are somewhat familiar with these devices, they aren’t familiar with how they work or the risks they could pose. According to the Digital Citizens survey, 59 percent said, “most consumers are probably unaware of the security risks that can occur when plugging one of these devices into a home network, and if they did know, they would be much less likely to allow them in their home.”

While the threat is relatively new to illicit devices and pirate apps, the tactics follow a pattern that Digital Citizens found in prior research: bait consumers with offers of free content, infect those that take the bait with malware, and steal vital personal information such as user names and passwords. In 2015, a Digital Citizens investigation found that 1 in 3 websites offering pirated content exposed consumers to malware that could steal personal and financial information and take over their computers to launch attacks.

Given the emerging cybersecurity risks of piracy, additional research into the potential impact of Kodi-enabled devices and piracy apps is needed. But even given what we know already, steps should be taken to limit the risk. These include:

  • Law enforcement should prioritize the investigation and prosecution of these criminal networks.
  • Consumer protection agencies, both at the federal and state level, should warn consumers about the risks that illicit devices and piracy apps pose to cybersecurity and to their home devices.
  • Government agencies and corporations should warn employees of the potential risks of using these devices over their organization’s networks, so they don’t become a pathway to gain access to agency networks or steal sensitive information.
  • Digital marketplaces such as eBay, Craigslist, and Facebook Marketplace should ban the sale of piracy devices.