Pirate streaming services housed malware in abundance, reveals report
- The report by Digital Citizens Alliance throws light on how bad actors hinge on piracy apps and illicit streaming devices for malicious activities.
- The actors primarily deployed malware on these devices to steal usernames and passwords, probe into user networks and upload sensitive data without consent.
Digital Citizens Alliance (DCA), a non-profit organization focused on raising awareness on Internet safety issues, has come up with a new report concerning pirated content. The report highlights a detailed investigation carried out by its research team. It revealed insights on how attackers exploited pirated content to deploy malware, and then go on to steal passwords and conduct other malicious activities.
Key findings in the report
- Malware was found on pirate apps that were used to watch movies, sports, and other content that came pre-loaded on rogue devices.
- Content downloaded from ‘Mobdro’ app had a malware which captured the Wi-Fi’s network name and password, and sent it to a server in Indonesia. Mobdro is an illegal movie and live sports streaming app.
- It also probed the entire network for vulnerabilities in order to access files on other devices.
- In one of the researcher’s devices, the malware uploaded 1.5 TB of data without permission.
- The investigation also revealed an unlawful scheme that enabled cybercriminals to impersonate well-known streaming sites, such as Netflix, in order to access content from actual Netflix subscribers.
- Compromised versions of streaming devices – including Amazon Fire TV Sticks and “Kodi boxes” – were sold on digital marketplaces such as eBay, Craigslist, and Facebook Marketplace.
Countermeasures to stop pirated content
DCA has also put out a number of steps to counter pirated content in order to stop attackers from harboring malicious tools and activities.
“Consumer protection agencies, both at the federal and state level, should warn consumers about the risks that illicit devices and piracy apps pose to their security and to their home devices,” suggested one of the steps.