How Cyber Criminals use Ads to Compromise Devices through Piracy Websites and Apps

The Asia Video Industry Association (AVIA), with Dr Paul Watters, CEO of Cyberstronomy, has released a report, “Time to Compromise” which replicates the user journey for consumers who access piracy apps and streaming websites, with a specific view to understanding the scale and risk for these consumers, as well as outline some strategies to reduce risk for consumers, and indicate regulatory measures which may assist in a large-scale reduction of malware infection, by reducing the accessibility of these sites, reducing the rewards, and making such sites more difficult to operate.

A recent study found that educating consumers about malware risks from visiting piracy sites or using piracy apps could reduce malware infections by 31%. This study used variables linking demographic data, cybersecurity knowledge and perceived risks from a sample of more than 5,000 people around the Asia-Pacific region.

In this study, the objective was to see if consumer perceptions about malware risk and piracy were true (or not), by simulating a user who visited these sites to view streamed content, and then to examine what actual malware infections were encountered. The prediction was that malware would be installed, potentially leading to devices being ransomed, malicious advertising being displayed, or user identities being stolen through credentials being stolen.

What was found was that a typical user visiting these sites would be infected by ransomware, several trojan horses, and other Advanced Persistent Threats (APTs) within 42 seconds on a Windows machine, and 1:18 for an Android device. The results support the hypothesis that there is a nexus between piracy and malware infections, where site operators generate significant revenue from allowing malicious ads to be placed on their sites. Malware authors can in turn gain access to consumer PCs and mobile devices, and all of the data held in storage, but also access to banking login details and other sensitive logins.

This malware could also spread laterally within a home or corporate network, potentially impacting critical business operations, or used as the launchpad for identity theft and identity fraud. Consumers were also at legal risk from signing up to proxy servers which have allegedly been used to participate in DDoS and other attacks in the past.

Piracy continues to cause a significant financial impact on the entertainment industry, especially the more contemporary misuse of streaming websites and applications. Streaming provides a real-time, live experience, with premium content relayed in real-time to consumers through a range of technologies, including streaming websites and specialized streaming applications. These illicit sites and applications, in turn, are funded by advertising, creating an enormous business opportunity for organized crime, while at the same time depriving rightsholders and creators of their income. This reduces the incentive for investment in the industry and reduces the rewards for creatives and artists around the world.

A recent report by the online consumer safety group Digital Citizens Alliance (2021) and brand safety specialist White Bullet Solutions found that illicit streaming websites and apps were generating an estimated US$1.34 billion in annual revenues through advertising. The top 5 of these sites were generating an average US$18.3 million from advertising, and the top 5 apps were generating an average US$27.6 million. The relatively higher revenues from apps versus websites indicates that mainstream brands are once again returning to where the consumer “eyeballs” are most likely to be. Major brands paid more than US$100 million to advertise through illicit streaming apps last year.

The real challenge lying ahead is to reinforce the point to consumers that these “free” services are running as an illicit business, and that the site operators need to recover their costs and make a profit. They do this by selling advertising, with some of those advertisers dropping malware to steal identities and commit fraud. Further user education and awareness is needed, as well as tools which can be deployed at the point of installation to warn and deter users from harming themselves and others.