'Free' illegal downloads could cost you big in malware

Last year, the new season of the popular TV show Game Of Thrones was used as bait for a ransomware attack designed to infect as many as possible of the more than a million people who illegally downloaded the first episode within 12 hours. Thousands o
Last year, the new season of the popular TV show Game Of Thrones was used as bait for a ransomware attack designed to infect as many as possible of the more than a million people who illegally downloaded the first episode within 12 hours. Thousands of visitors to The Pirate Bay were infected with ransomware which was embedded within malicious "pop-under" advertising on the website and programmed to encrypt all files and data found on the victim's device. PHOTO: HBO ASIA

The fast transmission of digital data has facilitated access to online pirated content.

Among some consumers this has resulted in an expectation of getting "something for nothing" - an unfortunate by-product of the Internet era which has seen a huge devaluation in the work of artists, musicians, directors, actors and others making entertainment products.

A survey released by Singapore-based Sycamore Research, commissioned by our association, shows that two in five people surveyed online turn to pirated content , often using Android TV boxes (also known as Illicit Streaming Devices) to stream illegal content to their television sets.

Such devices, which are easily and cheaply available in Singapore, are configured with software that enables consumers to stream audio-visual content from an illegal streaming server.

Configuring TV boxes in this way allows the consumer to have plug-and-play access to subscription TV, live sports and films for free or at prices well below those of legitimate services.

Payment for access to illicit content can be wrapped into the purchase price of the device, or alternatively through annual "subscription" payments.

Some Singaporeans may think such acts are harmless. Or they may realise that content theft damages creative industries. But not many people recognise that digital piracy harms consumers themselves, because of the nexus between content piracy and malware.

Consumers who intentionally or unwittingly access pirated content by purchasing Illicit Streaming Devices (ISDs) to stream live sports events or view the latest TV shows may actually end up paying the hidden price of piracy.

Earlier this year, a fake Netflix application was discovered by cyber-security experts which could take control of a user's device (via an Android TV box or directly via a smartphone or smart TV).

Last year, the new season of the popular TV show Game Of Thrones was used as bait for a ransomware attack designed to infect as many as possible of the more than a million people who illegally downloaded the first episode within 12 hours. Thousands o
Last year, the new season of the popular TV show Game Of Thrones was used as bait for a ransomware attack designed to infect as many as possible of the more than a million people who illegally downloaded the first episode within 12 hours. Thousands of visitors to The Pirate Bay were infected with ransomware which was embedded within malicious "pop-under" advertising on the website and programmed to encrypt all files and data found on the victim's device. PHOTO: HBO ASIA

This piece of malware embedded in the fake Netflix application is known as a Remote Access Trojan (or RAT) and allowed hackers to gain access to the device's e-mails and data files as well as the webcam and microphone, and remotely record whatever they see or hear.

The fake app, downloaded from an unofficial source rather than from the Google Play Store, was designed to take photos or videos of their victims in intimate settings as well as gain access to passwords, contact lists, e-mails and text messages.

Such stolen data was used to humiliate and taunt victims, and sometimes for extortion.

In March, hackers were found to have embedded RAT spyware viruses in movie sub-titling applications designed to be downloaded onto TV boxes which use an open-source media player known as Kodi.

Unlike TV boxes manufactured by legitimate platforms, few ISDs have a mechanism to update the box's software when specific malware has been detected. One could say they are a ready-made RAT trap for consumers.

Users should have a right to know the nature of their vulnerabilities when buying or using any product or service; however, it is unlikely that re-sellers of ISDs have much concern (or knowledge) about the consumers' security or privacy.

Last year, thousands of visitors to the content theft site The Pirate Bay were infected with ransomware, which was embedded in malicious "pop-under" advertising on the website and programmed to encrypt all files and data found on the victim's device.

Once encrypted, each victim would have been left staring at a fixed landing page which threatened the permanent loss of all data unless a ransom payment was made within a specified time frame.

This ransomware attack against visitors to The Pirate Bay site was timed to use the start of the new season of the popular TV show Game Of Thrones as bait to infect the devices of as many as possible of the more than a million people who illegally downloaded the first episode within 12 hours.

Ransomware targets many different types of devices, from computers to ISDs, smart TVs and smartphones. In May this year, the WannaCry ransomware attack hit more than 150 countries, including Singapore.

A recent study by Malwarebytes highlights the growth of dangerous malware across Asia: Ransomware alone grew by more than 250 per cent from January to November last year.

The urgency of the malware threat and hackers targeting the piracy ecosystems' click-happy user-base still needs to be better understood and dealt with by governments and stakeholders.

In the United States, it has become a major component of the consumer risk discussion, with the Federal Trade Commission (FTC) recently warning consumers of the malware/piracy nexus.

" 'Something for nothing' sounds appealing, but often there's a hidden cost. If the something is a site or application offering free downloads or streams of well-known movies, popular TV shows, big-league sports, and absorbing games, the hidden cost is probably malware.

"Sites offering free content often hide malware that can bombard you with ads, take over your computer, or steal your personal information."

As the saying goes, an ounce of prevention is worth a pound of cure. So, what can Singaporean households do to make informed decisions and safeguard themselves?

Install apps and add-ons to your smart TV or devices only from trusted sources. Ensure device software, especially anti-virus and firewall protection, is up to date and consider covering the webcam lens when it is not in use.

And finally, stay away from content theft sites. The piracy ecosystem is a hotbed for malware, whether purchasing ISDs from Sim Lim Square or downloading content from infamous torrent sites. Sycamore research found that 74 per cent of self-confessed pirates recognise that accessing pirated TV shows, movies or live sports events places them at greater risk of getting viruses , spyware or other malware.

But apparently, their appetite for free content, or paying cheap subscription rates for stolen content, blinded them to the very real risks of malware infection. Trying to get something for nothing can come at a high price.

•Neil Gane is the general manager of the Coalition Against Piracy, Casbaa, an association for digital multichannel TV, content, platforms, advertising and video delivery throughout the Asia-Pacific.

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on September 19, 2017, with the headline 'Free' illegal downloads could cost you big in malware. Subscribe