Digital Citizens Alliance issues security warning about Fishing in the Piracy Stream


The internet-safety group Digital Citizens Alliance (DCA) recently released a report finding that many jailbroken streaming media devices favored by piracy users come loaded with malware. These devices are sold through channels such as eBay, Craigslist and darknet markets, and are priced between $75 and $100.


In hardware terms they differ little from popular streaming devices on the market such as Amazon's Fire TV Stick. The difference is that these devices promise to play everything for free: movies, television dramas, variety shows and sporting events, including content that would otherwise require a paid subscription.

Piracy users who enjoy this free content also take on serious security risks. The pre-installed applications often contain malicious code that sends the home Wi-Fi network name and password to unknown third parties; in the DCA's testing, one app uploaded 1.5 TB of data from the researcher's device to the attacker's server without authorization. The researchers also found a fake version of Netflix that captured a subscriber's account details when they logged in, giving the operators access to a legitimate subscription.

Below are the highlights of the “Fishing in the Piracy Stream: How the Dark Web of Entertainment is Exposing Consumers to Harm” report:

  • Researchers discovered malware on apps used to illegally watch movies, sports, and other content that came pre-loaded on devices.
  • As soon as a researcher downloaded the ad-supported illicit movie and live sports streaming app “Mobdro,” malware within the app forwarded the researcher’s Wi-Fi network name and password to a server that appeared to be in Indonesia.
  • Malware probed the researchers’ network, searching for vulnerabilities that would enable it to access files and other devices. The malware uploaded, without permission, 1.5 terabytes of data from the researcher’s device.
  • Mobdro sought access to media content and other legitimate apps on the researcher’s network.
  • The researchers uncovered a clever scheme that enabled criminals to pose as well-known streaming sites, such as Netflix, to facilitate illegal access to a legitimate subscription of an actual Netflix subscriber.
  • Compromised versions of streaming devices – including Amazon Fire TV Sticks and “Kodi boxes” – are being sold on mainstream digital marketplaces such as eBay, Craigslist, and Facebook Marketplace.
  • Researchers found pirate apps supported by advertising, including ads for premium brands such as Amazon and Mini Cooper. The use of premium ads to both fund and legitimize criminal or rogue websites or apps is an ongoing cause of concern for the advertising industry as well as premium brands.
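The three behaviors the report attributes to the pre-loaded apps (credentials and bulk data sent to an unknown external server, and probing of other hosts on the home network) are all visible at the router as egress flows. The following is an added example, not code from the DCA report or from any of the apps it names, showing how a practitioner could flag a streaming box with those traits from per-flow logs. The log format, the device address 192.168.1.50, the external addresses (RFC 5737 test ranges) and the thresholds are all assumptions made for illustration.

```python
"""Flag a LAN device that exhibits the traits the DCA report describes:
bulk upload to one external host, scanning of neighbouring hosts, and
traffic to an external host no other device on the LAN talks to.
Added example; the flow lines below are constructed, not captured."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed flow log lines (assumed format: "epoch src dst dport bytes_out").
# 192.168.1.50 plays the suspect streaming box; 203.0.113.7 stands in for the
# unknown server that received the credentials and the bulk upload.
SAMPLE_LOG = """\
1700000000 192.168.1.50 203.0.113.7 443 2048
1700000005 192.168.1.50 203.0.113.7 443 734003200
1700000010 192.168.1.50 203.0.113.7 443 805306368
1700000020 192.168.1.50 192.168.1.10 22 60
1700000021 192.168.1.50 192.168.1.10 445 60
1700000022 192.168.1.50 192.168.1.11 445 60
1700000023 192.168.1.50 192.168.1.12 80 60
1700000024 192.168.1.50 192.168.1.13 8080 60
1700000025 192.168.1.50 192.168.1.14 139 60
1700000030 192.168.1.20 198.51.100.9 443 4096
1700000040 192.168.1.50 198.51.100.9 443 1500
"""

LAN = ip_network("192.168.1.0/24")  # assumed home network


@dataclass(frozen=True)
class Flow:
    ts: int
    src: str
    dst: str
    dport: int
    bytes_out: int


def parse_log(text):
    """Parse the assumed five-column format; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, nbytes = parts
        flows.append(Flow(int(ts), src, dst, int(dport), int(nbytes)))
    return flows


def analyse_device(flows, device_ip, upload_threshold=100 * 2**20, scan_threshold=5):
    """Return the indicators for one device.

    bulk_upload:     external hosts that received >= upload_threshold bytes
    lan_scan:        True if the device touched >= scan_threshold LAN host:port pairs
    unique_external: external hosts only this device contacts (assumed threshold
                     values; tune them to the household's normal traffic)
    """
    upload_by_dst = defaultdict(int)
    lan_targets = set()
    external_by_device = defaultdict(set)

    for f in flows:
        dst_is_lan = ip_address(f.dst) in LAN
        if not dst_is_lan:
            external_by_device[f.src].add(f.dst)
        if f.src != device_ip:
            continue
        if dst_is_lan:
            lan_targets.add((f.dst, f.dport))
        else:
            upload_by_dst[f.dst] += f.bytes_out

    seen_elsewhere = set()
    for dev, dsts in external_by_device.items():
        if dev != device_ip:
            seen_elsewhere |= dsts

    return {
        "bulk_upload": {d: n for d, n in upload_by_dst.items() if n >= upload_threshold},
        "lan_scan": len(lan_targets) >= scan_threshold,
        "lan_targets": sorted(lan_targets),
        "unique_external": sorted(external_by_device[device_ip] - seen_elsewhere),
    }


if __name__ == "__main__":
    flows = parse_log(SAMPLE_LOG)
    for dev in ("192.168.1.50", "192.168.1.20"):
        print(dev, analyse_device(flows, dev))
```

Run against the constructed log, the streaming box trips all three indicators while the other LAN client trips none. On a real router the same logic applies to exported NetFlow/IPFIX or firewall accept logs; the point is that a media player has no business enumerating SMB and SSH ports on its neighbours or pushing hundreds of megabytes outbound, whatever it claims to stream.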