Content theft sites and malware

Cybercriminals exploit pirate sites to spread malware & steal personal data

Piracy website operators have always been incentivized by the desire to make a buck, but with online advertisers and payment processors continuing to cut ties, thieves are finding other ways to make money off their content theft. The lure of “free” movies still attracts visitors like moths to a flame, but now–instead of being blanketed with ads served by the likes of Google’s AdSense–according to a new study, consumers who use pirate sites risk having their computers infected with nefarious malware.

33% of Content Theft Sites Expose Users to Malware

The study, released this week by the Digital Citizens Alliance*, reports that one out of every three content theft sites contains malware. The DCA investigated the burgeoning malware economy and published its results in a report released yesterday, “Digital Bait-How Content Theft Sites and Malware are Exploited by Cybercriminals to Hack into Internet Users’ Computers and Personal Data.” The investigation was conducted by internet security firm RiskIQ, and examined how hackers who gain access to personal computers can wreak havoc by:

>> Stealing bank and credit card information that is then sold on underground Internet exchanges. After the hack, consumers find their bank accounts depleted or suspicious charges on their credit cards. There is an underground market for credit card information that ranges from $2 to $135 per credit card credential.

>> Finding personal information that makes it easier to sell a person’s identity to the highest bidder online. In July, the FBI added five online criminals to its “Most Wanted” list for creating computer programs that stole identities and financial information.

>> Locking a user’s computer and demanding a ransom fee before returning access to their files.

The majority of malware installed fell into two categories: Trojans (designed to spy on users’ computers) or adware that takes over the computer to use it for advertising fraud schemes.

The study found that malware can attack both computers and tablets.  The risks to consumers are many:

Identity theft is the biggest problem. Trojans designed to steal consumers’ private credentials allow thieves to sell the data via cyber criminal networks. The theft leaves consumers’ credit and financial information vulnerable to exploitation worldwide.

Ransomware is another type of malware that can infect a consumer’s computer, allowing thieves to encrypt user data and hold it hostage. The victim receives a message demanding payment to unlock their files. Ransom demands range from a few hundred dollars to thousands. According to the FBI, 18 million in losses can be attributed to ransomware in 2015.

Another insidious type of malware, highlighted in an earlier DCA report, “Selling Slaves,” is a type of Trojan called a RAT (Remote Access Trojan) that infects computers and controls webcams to sell voyeuristic streams of unsuspecting victims to porn networks. These infections have been used to take compromising photos that are then used in blackmail schemes.

How does this malware infect computers? It varies. Sometimes unsuspecting users trying to download a pirated movie inadvertently click a download link. Other types of malware can latch hold of a visitor’s computer simply when a web page is opened. These are referred to as “drive by downloads.”

In many ways these malware schemes and the networks that operate them resemble the cyberlocker affiliate piracy model of old.  While the latter harmed content creators, this evolving Darknet “Crimeware Economy” victimizes those who visit content theft sites.

Like any market, the crimeware market has evolved to reflect a division of labor. Within the DarkNet are dozens of unique product and services categories. Anyone from professional criminals to nation states can purchase Trojan malware, Exploit kits/packs, or services such as dedicated hosting or Distributed Denial-of-Service attack services. Many of these products and services come complete with service agreements and money-back guarantees.

As with cyberlocker affiliate schemes, this crimeware market offers rewards to website operators for every malware app that’s installed. According to the study, one network, Advertising Underground, claims a conversion rate of 1 download per 7 visits. An affiliate can earn $2 for each.

Bottom line, the threat posed by content theft sites has grown to include consumers and legitimate companies.  Market giants like Apple, Adobe, Microsoft and Google are working to mitigate the threat of malware in app stores, in operating systems and online.

Why doesn’t Google de-list malware sites from its search engine?

Moving forward it will also be worth watching to see how Google handles this growing threat of malware-infected sites via its search algorithm. Google currently offers web browsers a warning if malware is detected and supposedly provides a warning on malware-infected sites in its search results too, but why leave them indexed at all? If Google decided to allow its search algorithms to screen out these pirate malware sites, it could go a long way to effectively cutting off traffic, the lifeblood of these criminal enterprises. Google offers “safe browsing” but will it offer “safe” searching as well?

Perhaps as we move forward in this discussion the interests of tech and creators can coalesce around this issue.  These malware sites pose a threat to everyone.  It’s in our best interest to work together to find a way to build an online eco-system where crime doesn’t pay.

*I am a member of the Digital Citizens Alliance’s Advisory Board