A study posted by Kaspersky Lab analyzes how pirates, posing as leading streaming video services, inflict malicious attacks on consumers who believe they are following legitimate requests. The study’s estimates are based on measurements taken by the Kaspersky Security Network (KSN) system, for five major streaming platforms: Netflix, Hulu, Amazon Prime Video, Disney + and Apple TV Plus
As more streaming services come on the scene, password theft has become a lucretive opportunity for pirates, who resell them. Kaspersky’s current estimate is that they sell for $3-$11; Akamai’s estimate is lower for individual streaming services but far higher for bundles.
Consumer email addresses may be used in phishing emails to entice consumers to register for a pirate service that resembles a legitimate service.
Another approach is to ask users to confirm or update their payment information for a streaming platform account, or to ask the user to enter a secondary payment method.
Phishing as an avenue for malware attacks
Phishing can also be used to entice consumers to download malware, thinking that they are downloading legitimate exclusive apps or updates. Nearly half of these are trojans, which are designed to inflict damage on their own, or to function as downloaders for other damaging software.
For every user whose account was compromised, there was an average of nearly 6 attacks per user. By far, the greatest number of subscribers who were attacked were Netflix subscribers. The study was conducted from January 2019 until early April 2020.
Read the Kaspersky summary (press release)
Read the detailed report
Why it matters
The Kaspersky study confirms and details methods used by pirates to attack consumers of streaming video apps, including those recognized in 2019 by the United States Federal Trade Commission.
The study measured five major streaming platforms, which have a total of more than 500 million subscribers among them, worldwide.
However, the evaluation did not include newly launched the recently introduced HBO Max or Comcast Peacock services. They are sure to be leveraged as additional lures, using the methods described by the Kaspersky report.