Both Consumers and Content Creators Lose with Piracy Apps

April 25, 2019

(Ed. Note: The “Innovation Fact of the Week” appears as a regular feature in each edition of ITIF’s weekly email newsletter. Sign up today.)

Most people know that online piracy takes a heavy toll on content creators. For example, streaming services, which includes services such as Netflix and Amazon, are projected to lose around $52 billion in lost subscription and ad revenue to piracy between 2016 and 2022—revenue that streaming services cannot pay content creators in royalties. However, what many consumers do not know is that piracy poses a significant cybersecurity threat, since pirated content often comes with a hidden cost: malware. Indeed, one in three piracy websites contains malware.

A new report by Digital Citizens Alliance (DCA), an organization focused on Internet safety, has found that many of those involved in illegal content piracy have been embedding malware in the piracy apps used with streaming media boxes. Streaming media boxes—such as Amazon Fire TV Stick, Apple TV, and Roku—allow consumers to stream movies, TV, and music. Many of these devices are legal and use licensed content. However, some criminal groups resell these legitimate devices or their own custom devices running the open-source Kodi software, preloaded with piracy apps for $75 to $100 on both the so-called “Dark Web”—hidden sites of the Internet used to conduct illicit activity—and legitimate venues such as Craigslist, eBay, and Facebook Marketplace.

Once consumers unwittingly purchase a pre-loaded streaming media box, malicious actors use the malware to facilitate a range of unwanted actions, from cyberattacks to unauthorized cryptocurrency mining to theft of user data. For example, DCA found evidence of malware in a piracy app forwarding a user’s Wi-Fi network name and password to a foreign server.

Bad actors have also used malware in piracy apps to launch distributed denial-of-service attacks (DDoS), which are cyberattacks that use groups of computers to overwhelm an online service with Internet traffic. For example, the developer of the popular Kodi add-on Exodus, which provides users pirated content, inserted malicious code into the software that allowed the developer to use infected devices to perform DDoS attacks against groups that threatened to expose his identity.

Similarly, some bad actors have inserted code to use consumers’ devices to mine cryptocurrency, which requires large amounts of computing power. Infected devices run slower and use more electricity, while the developer gets paid for the unauthorized cryptocurrency mining.

Finally, some malicious actors are treating piracy apps and add-ons for streaming media devices as opportunities to steal information and money from consumers. For example, DCA’s report noted that its partner, GroupSense, a cyber intelligence firm, found evidence on the Dark Web that some hackers are trying to create malware to modify piracy apps to steal consumer usernames and passwords. These hackers could use such information to log in to other consumer devices and accounts, especially when consumers reuse the same login information on multiple sites and services, as well as sell the stolen usernames and passwords for services such as Netflix. Perhaps an even more significant concern is that attackers could intercept Internet traffic to create man-in-the-middle attacks, whereby they can trick users into revealing sensitive information such as credit cards or other confidential information.

Consumers are often unaware of these possibilities and 13 percent of U.S. households have a device that uses pirated content, according to the report. Even more concerning, however, is that the malware installed on these devices can spread to other devices on the user’s home network, even those without the piracy app, by scanning the network for vulnerable devices. Indeed, Dark Wolfe Consulting, a cybersecurity firm that partnered with DCA, found evidence of malware probing networks to find vulnerable devices and content it could access.

Those engaging in IP theft often portray themselves as the digital era’s equivalent of Robin Hood—stealing from the rich to give to the poor. However, the reality is that today’s digital pirates are more like the Sheriff of Nottingham – villainous tyrants scheming to enrich themselves at the expense of all whom they encounter.

There is a clear lesson for consumers: do not use piracy apps. Do not download them and do not purchase streaming device boxes with these apps preloaded. They are untrustworthy. But there is also a lesson for government officials: if they want to take cybersecurity seriously, they are going to have to find more effective ways to crack down on illegal streaming, including doing a better job of limiting the import and sale of piracy-enabled streaming media boxes, educating consumers about the risks of malware on these devices, and bringing enforcement actions against companies or individuals willfully facilitating piracy, especially those that sell devices with hidden malware.