You get what you pay for when you pirate content. That’s the takeaway from the latest report by Digital Citizens Alliance.
It found that pirating hardware, which enables free streaming copyright-protected content, comes packed with malicious malware. The devices give criminals easy access to router settings, can plant malware on shared network devices and are often leveraged to steal user credentials.
According to the Digital Citizens Alliance report (PDF), 13 percent of 2,073 Americans surveyed use a hardware device for pirating content. One such popular device is called a “Kodi box,” which is sold for between $70 to $100 on grey markets. Kodi is an open-source media player designed for televisions and developed by the XBMC Foundation. The software is widely known for its support of a bevy of copyright-infringing apps that offer free access to premium content from Netfix, Amazon Prime, Hulu, sports networks and paid subscription music services.
“By plugging the device into a home network, [users] are enabling hackers to bypass the security (such as a router’s firewall) designed to protect their system. If apps on the box or that are later downloaded have malware, the user has helped the hacker past network security,” wrote Digital Citizens Alliance (DCA) in a recently released report.
In a review of hardware and pirating apps, such as FreeNetflix, researchers said they found malware piggybacking on illegal apps and preloaded with content. For example, when researchers installed a live sports streaming app called Mobdro, the app forwarded the researcher’s Wi-Fi network name and password to a server in Indonesia.
In other instances, 1.5 terabytes of data was uploaded from a device that shared the same network of the Kodi box. And, in yet another instance, “researchers uncovered a clever scheme that enabled criminals to pose as well-known streaming sites, such as Netflix, to facilitate illegal access to a legitimate subscription of an actual Netflix subscriber,” according to the report.
For its investigation DCA partnered with GroupSense, a security firm that specializes in chatrooms that facilitate black market sales. It claims hackers were discussing how to leverage networks compromised by illicit media streaming services in hopes of recruiting them into DDoS botnets or to mine cryptocurrency.
“Given that users rarely install anti-virus tools on such devices, the opportunities for exploitation are numerous,” wrote researchers.
The unsavory worlds of pirated content and malware are no strangers. Researchers have long warned that patronizing such services is a shortcut to infection. Earlier this month, Kaspersky Lab released a report that found that illegal downloads of HBO’s Game of Thrones accounted for 17 percent of all infected pirated content in the last year.
In Aug. 2018 researchers at ESET said they found DDoS modules had been added to a Kodi third-party add-on. ESET said it also found copyright-infringing apps that came with multi-stage crypto-mining malware that targeted Windows and Linux systems.
As part of its report, DCA reached out to XBMC Foundation. XBMC quickly rebuffed any notion it tacitly supported or endorsed pirated content. “If you are selling a box on your website designed to trick users into thinking broken add-ons come from us and work perfectly, so you can make a buck, we’re going to do everything we can to stop you,” it told DCA.
The Kodi application typically runs on a wide range of hardware and is sold by independent resellers on eBay, Facebook Marketplace and Craigslist. DCA said it also found Kodi pre-installed on a number of devices including inexpensive China-made media streamers. The software can also be found on devices, that were sold pre-sideloaded with Kodi software. Users can also choose to install the Kodi application on existing hardware.
To be clear, the Kodi software is not illicit. Rather, researchers are concerned the Kodi platform supports pirating apps that can harbor malware. Researchers are also concerned that some hardware devices that are sold as “Kodi boxes” come pre-installed with malicious code and apps used to pirate streaming content.
DCA did its own independent testing over the course of 500 hours of lab testing. It estimates there are 12 million active users of the illicit devices in North American homes. Those users “present a tempting target because they offer hackers a new avenue to exploit consumers and a path to reach other devices on a home network. The findings should serve as a wake-up call for consumers, the technology community, and policymakers to take the threat seriously,” it said.