Malware Infests Popular Pirate Streaming Hardware

Hardware that supports pirated video streaming content comes packed with malware.

You get what you pay for when you pirate content. That’s the takeaway from the latest report by Digital Citizens Alliance.

It found that pirating hardware, which enables free streaming of copyright-protected content, comes packed with malware. The devices give criminals easy access to router settings, can plant malware on shared network devices and are often leveraged to steal user credentials.

According to the Digital Citizens Alliance report (PDF), 13 percent of 2,073 Americans surveyed use a hardware device for pirating content. One such popular device is called a “Kodi box,” which is sold for between $70 and $100 on grey markets. Kodi is an open-source media player designed for televisions and developed by the XBMC Foundation. The software is widely known for its support of a bevy of copyright-infringing apps that offer free access to premium content from Netflix, Amazon Prime, Hulu, sports networks and paid subscription music services.

“By plugging the device into a home network, [users] are enabling hackers to bypass the security (such as a router’s firewall) designed to protect their system. If apps on the box or that are later downloaded have malware, the user has helped the hacker past network security,” wrote Digital Citizens Alliance (DCA) in a recently released report.

In a review of hardware and pirating apps, such as FreeNetflix, researchers said they found malware piggybacking on illegal apps and preloaded with content. For example, when researchers installed a live sports streaming app called Mobdro, the app forwarded the researcher’s Wi-Fi network name and password to a server in Indonesia.

Example of a jail broken Amazon Fire TV Stick for sale. Courtesy: Digital Citizens Alliance

In other instances, 1.5 terabytes of data was uploaded from a device that shared the same network as the Kodi box. And, in yet another instance, “researchers uncovered a clever scheme that enabled criminals to pose as well-known streaming sites, such as Netflix, to facilitate illegal access to a legitimate subscription of an actual Netflix subscriber,” according to the report.

For its investigation DCA partnered with GroupSense, a security firm that specializes in chatrooms that facilitate black market sales. It claims hackers were discussing how to leverage networks compromised by illicit media streaming services in hopes of recruiting them into DDoS botnets or to mine cryptocurrency.

“Given that users rarely install anti-virus tools on such devices, the opportunities for exploitation are numerous,” wrote researchers.

The unsavory worlds of pirated content and malware are no strangers. Researchers have long warned that patronizing such services is a shortcut to infection. Earlier this month, Kaspersky Lab released a report that found that illegal downloads of HBO’s Game of Thrones accounted for 17 percent of all infected pirated content in the last year.

Examples of apps running on the Kodi platform.

In Aug. 2018 researchers at ESET said they found DDoS modules had been added to a Kodi third-party add-on. ESET said it also found copyright-infringing apps that came with multi-stage crypto-mining malware that targeted Windows and Linux systems.

As part of its report, DCA reached out to XBMC Foundation. XBMC quickly rebuffed any notion it tacitly supported or endorsed pirated content. “If you are selling a box on your website designed to trick users into thinking broken add-ons come from us and work perfectly, so you can make a buck, we’re going to do everything we can to stop you,” it told DCA.

The Kodi application typically runs on a wide range of hardware and is sold by independent resellers on eBay, Facebook Marketplace and Craigslist. DCA said it also found Kodi pre-installed on a number of devices including inexpensive China-made media streamers. The software can also be found on devices that were sold pre-sideloaded with Kodi software. Users can also choose to install the Kodi application on existing hardware.

To be clear, the Kodi software is not illicit. Rather, researchers are concerned the Kodi platform supports pirating apps that can harbor malware. Researchers are also concerned that some hardware devices that are sold as “Kodi boxes” come pre-installed with malicious code and apps used to pirate streaming content.

DCA did its own independent testing over the course of 500 hours of lab testing. It estimates there are 12 million active users of the illicit devices in North American homes. Those users “present a tempting target because they offer hackers a new avenue to exploit consumers and a path to reach other devices on a home network. The findings should serve as a wake-up call for consumers, the technology community, and policymakers to take the threat seriously,” it said.

  • Sahne Tam on

    Wtf is a jail broken fire TV stick? You can load your own apks on it out of the box?
  • Freonpsandoz on

    A "Kodi Box" is simply an Android streaming device. These are completely legal, and can be purchased on Amazon. Kodi can be used legally on these devices or Fire TV devices to stream media files from your computer and to access legal free streaming services like USTVNow. But if you buy such a device pre-loaded with apps that access pirated streams, don't be surprised if malware has also been installed.
  • Chico Guerrera on

    "That’s the takeaway from the latest report by Digital Citizens Alliance". Which presumably is some sad copyright industry creation.
  • Jan Lána on

    Malware infects popular operating system XXX!!! (substitute XXX with any OS name) Researchers found that users that installed third-party software on their OS could get copyright-infringing apps that came with multi-stage crypto-mining malware that targeted their router, watches, ear plugs, mobile phone, pacemaker.... Uff, this article does not contain any information that Kodi project name. Is it a PR article?
  • jParnell on

    The author of this article lost all credibility the moment I read "The Kodi application typically runs on hardware, such as jailbroken media streamer Amazon Fire TV Stick [...]" It doesn't take a jailbroken Fire Stick to install Kodi. You literally have to check the box in settings that says "Install apps from unknown sources". This has been a supported functionality of Android (on which FireOS is built) since inception. An OEM provided functionality is, by its very definition, not jailbreaking. "The software can also be found on 'legitimate' devices [...]" Be careful of your wording... This sounds like borderline libel. Kodi is a very powerful software tool that has, and is built for, legitimate uses. I stream my iTunes library of legally purchased movies, TV shows, and music to my Xbox One through the use of Kodi. Saying that Kodi is only or even primarily used for pirating content is an egregious insult to the developers who have worked for years to provide an incredible toolset, free of charge. That's akin to saying "There are some people named Tom Spring that are 'intelligent' people..." The statement implies that yes, they do exist, but we're not talking about that particular minority at the moment. This article does itself, the author, the site, and anybody who reads it and is ignorant about the subject matter, a grave injustice.
  • itsme on

    It would help if you would have included information on how to remove malware from your fire stick.
  • Bob on

    It’s like saying Microsoft supports a bevy of pirating apps because you can run them on Windows.
  • Harry Barracuda on

    Sponsored rubbish from a fake industry-sponsored copyright advocate.
  • Anonymous on

    SOOO. is anyone surprised?
  • Anonymous on

    Scaremongering bullsh*@%tis
  • Anonymous on

    This article is full of crap, I'll be in push by the movie and TV industry that's trying to stop legal means of watching media.
  • Day-Vee Buoy on

    Anti-Consumer, Media Cartel Propaganda.
  • Stephen on

    The scare tactics are real with this one.
  • Anonymous on

    Exactly, I burst out laughing when they say jailbroken as if you've got to be some master hacker to load a firestick lol
