Piracy to Ads to Ransomware: Investigation Finds $121 Million in Dangerous Malicious Ads on Piracy Sites Designed to Trick Users into Infecting Their Devices
Investigators Hit With Ransomware and Other Attacks During Probe; Ad Intermediaries Promote Scare Tactics to Trick Users into Clicking on Ads
WASHINGTON, Sept. 15, 2022 /PRNewswire/ -- Visitors to piracy sites are bombarded with malicious ads that use scare tactics to trick them into downloading malware, including ransomware that takes over files to force victims to pay to regain access, a joint investigation by the Digital Citizens Alliance, White Bullet, and Unit 221B has found. The investigation also found that these malicious ads, called malvertising, are often enabled by ad intermediary companies that promote scare tactics and other dubious means to trick or entice users to click on dangerous ads.
The Unholy Triangle report highlights how piracy operators, malvertisers, and ad intermediaries profit off Internet users lured to suspect sites by the prospect of free content. The starkest example of the cyber threat was a ransomware attack that occurred while visiting a piracy site. Investigators were prompted to click on an ad – but instead found their files locked up, followed by a demand to make a payment to regain access: "All your files like pictures, databases, documents, and other important [sic]are encrypted with [sic]strongest encryption and unique key….Please note that you will never restore your data without payment."
"Ransomware is the most serious cyber threat that consumers, small businesses, governments, and corporations face," said Tom Galvin, executive director of the Digital Citizens Alliance. "The revelations that piracy operators, malvertisers, and ad intermediaries are profiting by harming Internet users is a wake-up call that we need a concerted and coordinated response to combat this growing threat."
Previous Digital Citizens Alliance research estimates piracy is a $2 billion-plus ecosystem fueled by illicit access to movies, TV shows, and live entertainment. While investigations have previously shown how piracy is used to infect devices, the Unholy Alliance report is the first to detail the relationship between piracy operators, malvertisers, and certain players in the ad intermediary ecosystem.
Digital Citizens, piracy advertising expert White Bullet, and cybersecurity firm Unit 221B undertook a months-long investigation that analyzed thousands of piracy sites, including well-known platforms such as Fmovies[.]to, Myflixer[.]to, and Dramacool9[.]co. The groups then conducted an in-depth analysis of advertising and threats on the most-visited piracy sites or those that had the most malvertising.
The investigation, conducted over the last several months, found:
- Piracy operators generate an estimated at least $121 million in revenues by allowing malvertisers to victimize their users. Beyond ransomware, investigators found malicious ads containing malware that seek access to a user's device to steal banking information, download spyware to track a user's activities, or flag the device for a future attack.
- Malvertising generates enormous revenue for piracy operators. Malvertising accounted for 12 percent of the total ads on piracy sites. More than half of the $121 million generated ($68.3 million) came from U.S. visits to these sites – suggesting that U.S. Internet users are especially at risk.
- Malvertising is widespread on piracy sites. Nearly 80 percent of pirate sites served up malware-ridden ads to their users. And the volume of malvertising targeting pirate-site users is significant. Visitors to piracy sites faced an estimated 321 million ads designed to harm them.
- Instead of prohibiting harmful content, some ad intermediaries are willing to facilitate campaigns involving blatantly misleading ads, such as a false claim that the user has a computer virus, or coach illicit actors on effective tactics to frighten or otherwise entice users to click on ads.
In one example, investigators approached ad intermediary RichAds to see if it would approve a proposed ad clearly designed to deceive users. RichAds approved it even though the ad falsely warned users that their device had a virus to trick them into downloading "a security tool" that is malware.
- While not every visit to a piracy site results in malware, the investigation found that -- on average -- 1 in 6 times a visit to a piracy site leads to an attempt to serve malware.
- As a follow-up to the report, a Digital Citizens survey found that Americans who visit piracy sites are two to three times more likely to report an issue with malware than those who say they haven't visited these sites.
"This report confirms what content owners have suspected for years – that using piracy services is likely to harm consumers through malware infection," says Peter Szyszko, CEO and founder of White Bullet. "We collect vast amounts of advertising data on piracy services and track its value. Clearly it is not just brands who are to blame for funding piracy through ad placement; ad tech companies need to be vigilant about where they place ads and the type of ads they accept. Piracy services seek to make as much money as possible – whether from legitimate but misplaced ads or from malicious actors. The ad industry needs to stop funding piracy, or, as we can now see, content owners and consumers all suffer."
"The level of deception on pirate movie sites is alarming," said Shaun Gallagher, Chief Technology Officer at Unit 221B. "Threat actors with ties to Russia are using these sites to prey on American consumers. These malware pushers grab every ounce of profit they can with no regard for the damage they cause. A couple innocent clicks could lead to a severe violation of privacy and cost hundreds of dollars, as consumers are bombarded with malicious ads containing ransomware and adware."
The full report can be found here.
For more information, contact Adam Benson at 202.999.9104 or [email protected].
The Digital Citizens Alliance is a nonprofit, 501(c)(6) organization that is a consumer-oriented coalition focused on educating the public and policymakers on the threats that consumers face on the Internet. Digital Citizens wants to create a dialogue on the importance for Internet stakeholders— individuals, government, and industry—to make the Web a safer place. Based in Washington, DC, the Digital Citizens Alliance counts among its supporters: private citizens, the health, pharmaceutical, and creative industries, as well as online safety experts and other communities focused on Internet safety. Visit us at www.digitalcitizensalliance.org.
Founded in 2013 by a leadership team of experienced Intellectual Property lawyers from the media and advertising industries, White Bullet offers companies piracy risk data and protection, brand safety solutions, and full transparency on their advertising placement and digital supply chains.
White Bullet works collaboratively with brands, policymakers, and the advertising industry to safeguard advertising spend and prevent ad placements from appearing on IP Infringing domains and apps. White Bullet is a certified brand safety anti-piracy solutions provider under the advertising industry regulator TAG and is a stakeholder to the EU Commission Memorandum of Understanding on Advertising and IPR.
White Bullet comprises IP experts and dedicated technical engineers who specialize in AI, big data models, and predictive machine learning. The team includes highly skilled investigators and data analysts experienced in tackling the funding and distribution of pirated content. With offices in London, New York, and Los Angeles, White Bullet advises policymakers and government bodies on regulatory and compliance programs globally.
Unit 221B, LLC focuses on products and services designed for selected clients, primarily those seeking discreet advanced cyber requirements and operations. We are comprised of unique specialists in the fields of information security, cryptography, forensics, legal, investigations, law enforcement, and intelligence.
SOURCE Digital Citizens Alliance
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article