CyberWarfare / ExoWarfare

Malware Infests Popular Pirate Streaming Hardware

Seems hard to feel bad for buyers & users of such devices …

Hardware that supports pirated video streaming content comes packed with malware.

You get what you pay for when you pirate content. That’s the takeaway from the latest report by Digital Citizens Alliance.

It found that pirating hardware, which enables free streaming of copyright-protected content, comes packed with malware. The devices give criminals easy access to router settings, can plant malware on shared network devices and are often leveraged to steal user credentials.

According to the Digital Citizens Alliance report (PDF), 13 percent of 2,073 Americans surveyed use a hardware device for pirating content. One such popular device is called a “Kodi box,” which is sold for between $70 and $100 on grey markets. Kodi is an open-source media player designed for televisions and developed by the XBMC Foundation. It’s widely known for its support of a bevy of copyright-infringing apps that offer free access to premium content from Netflix, Amazon Prime, Hulu, sports networks and paid subscription music services.

“By plugging the device into a home network, [users] are enabling hackers to bypass the security (such as a router’s firewall) designed to protect their system. If apps on the box or that are later downloaded have malware, the user has helped the hacker past network security,” wrote Digital Citizens Alliance (DCA) in a recently released report.

In a review of hardware and pirating apps, such as FreeNetflix, researchers said they found malware piggybacking on illegal apps and preloaded with content. For example, when researchers installed a live sports streaming app called Mobdro, the app forwarded the researcher’s Wi-Fi network name and password to a server in Indonesia.

 

Example of a jailbroken Amazon Fire TV Stick for sale. Courtesy: Digital Citizens Alliance

 

In other instances, 1.5 terabytes of data was uploaded from a device that shared the same network as the Kodi box. And, in yet another instance, “researchers uncovered a clever scheme that enabled criminals to pose as well-known streaming sites, such as Netflix, to facilitate illegal access to a legitimate subscription of an actual Netflix subscriber,” according to the report.

For its investigation DCA partnered with GroupSense, a security firm that specializes in chatrooms that facilitate black market sales. It claims hackers were discussing how to leverage networks compromised by illicit media streaming services in hopes of recruiting them into DDoS botnets or to mine cryptocurrency.

“Given that users rarely install anti-virus tools on such devices, the opportunities for exploitation are numerous,” wrote researchers.

The unsavory worlds of pirated content and malware are no strangers. Researchers have long warned that patronizing such services is a shortcut to infection. Earlier this month, Kaspersky Lab released a report that found that illegal downloads of HBO’s Game of Thrones accounted for 17 percent of all infected pirated content in the last year.

 

Examples of apps running on the Kodi platform

 

In Aug. 2018 researchers at ESET said they found DDoS modules had been added to a Kodi third-party add-on. ESET said it also found copyright-infringing apps that came with multi-stage crypto-mining malware that targeted Windows and Linux systems.

As part of its report, DCA reached out to XBMC Foundation. XBMC quickly rebuffed any notion it tacitly supported or endorsed pirated content. “If you are selling a box on your website designed to trick users into thinking broken add-ons come from us and work perfectly, so you can make a buck, we’re going to do everything we can to stop you,” it told DCA.

The Kodi application typically runs on hardware, such as the jailbroken media streamer Amazon Fire TV Stick, and is sold by independent resellers on eBay, Facebook Marketplace and Craigslist. DCA said it also found Kodi pre-installed on a number of devices including inexpensive China-made media streamers. The software can also be found on “legitimate” devices that were sold pre-sideloaded with Kodi software.

DCA conducted its own independent testing over the course of 500 hours in the lab. It estimates there are 12 million active users of the illicit devices in North American homes. Those users “present a tempting target because they offer hackers a new avenue to exploit consumers and a path to reach other devices on a home network. The findings should serve as a wake-up call for consumers, the technology community, and policymakers to take the threat seriously,” it said.

 

from: https://threatpost.com/kodi_box_malware/144191/