Criminals are increasingly using illegal websites and services with entertainment content such as films and TV series to scam consumers or target them with phishing and malware, according to the Dutch anti-piracy agency BREIN. One of the latest cases was reported by Microsoft during the first week of March: a sophisticated malicious advertising attack against Windows devices. But it’s not just computers.
In a case detailed by the cybersecurity firm HUMAN Security, illegal Android set-top boxes sold with illegal IPTV subscriptions have a “back door” through which a criminal operation called BADBOX remotely accesses them over the internet for its own purposes.
According to HUMAN Security, BADBOX is a global network of consumer products with firmware backdoors installed and sold through a normal hardware supply chain. Several types of fraud come from the infected devices:
- Ad fraud (both through apps developed and owned by the fraudsters, and through hidden WebViews independent of any apps)
- Residential proxy services (using backdoored devices as the exit points)
- Fake email and messaging accounts
- Remote un-permissioned code installation
The seller of these boxes also sold access to the backdoors to others and advertised an offer of more than ten million households with such a backdoor.
Another example comes from a report from The Shadowserver Foundation, which identified nearly 600,000 infected boxes that carry out a sort of ‘sleeper’ attack, where malware is installed undetected and executes later.
What gets targeted
Your phone and laptop are the main targets, but other “smart devices” such as your smart TV can also be infected. When you use infected devices to access their services, attackers gain a presence in your living room, where you become vulnerable to all kinds of cyber attacks and theft of your private data.
BREIN also sees old-school fraud. For example, devices are sold via the internet with which the latest films and series can supposedly be watched without limits, but in reality consumers are sent an empty media player, even though they paid from 70 to 140 euros for one that was advertised as being loaded with pirated media.
Further reading
Consumers more often victims when using illegal sources: 1 million victims of malvertising illegal streaming websites. Article. March 10, 2025. BREIN Foundation (Netherlands)
Trojans all the way down: BADBOX and PEACHPIT. Report. October 4, 2023. HUMAN Security
Nearly 600,000 Android TV boxes infected with Vo1d malware. Article. September 16, 2024. Security.nl
Why it matters
“By purchasing an illegal IPTV subscription, you run the risk of becoming a victim of criminals, after all, you are taking out a subscription with a criminal organization with all the associated risks,” says BREIN director Bastiaan van Ramshorst.
“These types of parties are only about making money. The chance that you as a consumer will become a victim of these criminals if you consume from illegal sources is not theoretical. It happens. That is now evident again. If you use legal sources, you do not run this risk and subscription fees are used to make new beautiful productions so that the consumer can enjoy all those beautiful films and series again. In short, it is always wiser to choose legal sources such as Videoland, NLZIET, GO ANIME, Netflix, Disney+ etc.”