TV Piracy Comes with Malware Most of the Time

Content security risk is usually talked about in terms of studios losing money; but there’s another cost to consider: Internet users are 28 times more likely to be infected by malware if they use content theft sites.

A RiskIQ study has uncovered that content piracy is a $70 million underground market for cyber-criminals, preying on those who don’t want to pay for things like the latest season of Game of Thrones or the Walking Dead—the two most-pirated TV shows last year. And in fact, pirated TV and movies are among the most popular types of digital bait for malware purveyors, with one out of every three content theft sites exposing users to bad code.

Further, most of that activity is also done via drive-by downloads: nearly half (45%) of the malware is delivered without requiring the user to click on anything on the site.

"It's clear that the criminals who exploit stolen content have diversified to make more money by baiting consumers to view videos and songs and then stealing their IDs and financial information," said Tom Galvin, executive director of the Digital Citizens Alliance, which commissioned the study. "It's criminal behavior, and it should be a wake-up call for consumers as well as law enforcement that a new front must open in the battle against cyber-criminals and malware peddlers exploiting Internet users."

RiskIQ probed a sample of 800 sites dedicated to distributing stolen movies and television shows and discovered there to be a common crime workflow pattern. Once a user visits a piracy site and is invisibly infected with malware, cyber-criminals often set up a back door or remote access gateway to be able to freely move around in the victim’s computer. Once hackers are in, they can use it for a wide range of criminal schemes where the user of the computer is the victim.

These include stealing bank and credit-card information, which is then sold on underground internet exchanges. After the hack, consumers find their bank accounts depleted or there are suspicious charges on their credit cards. RiskIQ noted that the credit-card information goes for anywhere from $2 to $135 per card credential.

Nefarious types could also use personal information to sell a person's identity to the highest bidder online; or, they could use ransomware to a user's computer and demand a ransom fee before returning access to their files.

And finally, perpetrators could use a computer as part of a botnet to commit ad fraud, spamming or denial of service attacks.

"Users beware. The data from this report shows a much higher incident rate of malvertising and malware delivery in general on torrenting sites," said Elias Manousos, CEO of RiskIQ. “Simply visiting these sites puts the device you use and your personal information at risk from malware, adware and spyware.”

He added, “Even more troubling is the ecosystem that has evolved to take advantage and monetize torrent traffic. While some torrent sites directly host malicious programs, most torrent publishers and malvertisers use ad and affiliate networks to deliver their exploits and malicious programs in exchange for payment."

Photo © Radu Bercan/

What’s Hot on Infosecurity Magazine?