DCA report: Pirates, ‘malvertisers’ and ransomware make ‘Unholy Triangle’

Sponsor ad - 728w x 90h (at 72 dpi)

Just as pirates burnish their ‘brands’ by hijacking legitimate advertising into pirate apps and Web sites, pirates also profit from malicious ads that extract ransom payments from consumers, according to a new report by the Digital Citizens Alliance, White Bullet Solutions and Unit 221B, a cybersecurity company.

Malicious advertisers, called ‘malvertisers,’ pay handsome commissions to pirate sites that run their ads.  Clicking on the ad triggers an attack that can lock a computer or its files until a ransom is paid.

Sponsor ad

The investigation analyzed thousands of piracy sites, followed by an in-depth analysis of advertising and threats on the most-visited piracy sites and those that had the most malvertising.

Widespread impact

In addition to installing malware, malicious ads seek access to steal banking information, download spyware to track a user’s activities, or identify devices for later attacks

  • Visitors to piracy sites faced an estimated 321 million malicious ads, constituting 12 percent of the total ads on piracy sites in 2021.
  • The research revealed that nearly 80 percent of pirate sites served up malware-ridden ads to their users.
  • More than half of the $121 million they generated came from visits to these sites  by US consumers.
  • Investigators found that one out of every six visits to piracy sites lead to an attempt to serve malware.

Investigators were victimized by a ransomware attack that encrypted their computer files. The criminals demanded payment to unlock them.

What they looked like

Pirates are good at enticement: free movies, TV shows, and live content, with an environment that encourages people to click when they’re told to.

  • Pop-up ads that appear with movie listings on a pirate site
  • ‘Malvertisements’ took on a variety of forms, including:
  • Malware disguised as security warnings
  • Ads for ‘PC utilities’ such as photo recovery tools
  • Pop-up dialog-boxes that look like common error messages – click ‘OK’ to troubleshoot

The report summarizes: “Piracy is the ideal environment to target Internet users. Visitors to piracy sites make malicious actors’ jobs easy by voluntarily venturing into the killing fields.”

Second report

Following on to Breaking (B)ads: How Advertiser-Supported Piracy Helps Fuel a Booming Multi-Billion Dollar Illegal Market, a 2021 report by DCA and White Bullet Solutions which found that $1.3B in stolen advertising went to pirate sites and apps through Amazon, Google and others – this new report illuminates a separate sector of fraudulent advertising, the ecosystem of malicious ads.

Read the new report

Unholy Triangle: From Piracy to Ads to Ransomware: How Illicit Actors Use Digital Ads on Piracy Sites to Profit by Harming Internet Users, published September 2022

Why it matters

“Ransomware is the most serious cyber threat that consumers, small businesses, governments, and corporations face,” said Tom Galvin, executive director of the Digital Citizens Alliance. “The revelations that piracy operators, malvertisers, and ad intermediaries are profiting by harming Internet users is a wake-up call that we need a concerted and coordinated response to combat this growing threat,” he said.

Pirate streaming sites and apps designed by professionals look good enough to deceive consumers into thinking the sites are legitimate.  Combine that with compelling content and free offers, and the trap is set.

Print Friendly, PDF & Email
From our Sponsors