In recent years copyright holders have been rather concerned with the health of pirates’ computers.
They regularly highlight reports which show that pirate sites are rife with malware and even alert potential pirates-to-be about the dangers of these sites.
While some of these claims are exaggerated, there is no denying that malware is spread through pirate sites. On torrent sites, this is usually done in the form of fake releases uploaded by malware peddlers, who disguise themselves as legitimate uploaders.
While the .torrent files and the sites are not the problem, the actual downloads can include all sorts of nastiness.
This problem isn’t new. We have highlighted it repeatedly over the years, going back more than a decade in some cases. Although it’s been hard to quantify the problem, a new report from Kaspersky Lab adds some intriguing context to the phenomenon.
The cybersecurity company and anti-virus provider decided to take a closer look at how scammers use popular TV shows to lure victims. Are some shows more frequently used than others, for example, and which ones are most successful in delivering their payload?
“Our goal was to see which TV series were the most popular with the malware pushers and to take a closer look at what kind of threats are distributed that way,” Kaspersky writes.
The research provides a snapshot of how malware spreads through downloads of 31 popular TV shows. Kaspersky ran these titles against its in-house database of malware encounters, to see how often the TV-shows were linked to malware.
The results show that last year, 126,340 users were attacked by malicious payloads that could be linked to (fake) pirated copies of popular TV-shows. The total number of recorded attacks among all users was 451,636. That translates to little under 1,000 malware attacks per day.
The 2018 numbers are a significant decrease compared to the year before when 188,769 users were attacked. According to Kaspersky, this drop is in line with a decrease in the overall prevalence of malware attacks in other areas. Torrent sites are losing traffic slowly as well, which may play a role too.
While the number of malware attacks linked to popular TV-shows is sizable, it’s worth keeping in mind that these originate from uploads by scammers. These uploads are usually swiftly removed from well-moderated torrent sites but can clearly survive longer on other indexes.
Looking at the individual show titles, Kaspersky found that Game of Thrones accounted for 17% of all user attacks in the sample. This is quite an achievement since there were no new episodes released in 2018. The number of total attacks and unique malware samples were also the highest for Game of Thrones.
“Of all the TV series analyzed, Game of Thrones had the greatest number of users attacked by malware of the same name – 20,934. It tried to infect users 129,819 times, and the total number of Game of Thrones-themed malware files in our threat collection is 9,986.
“This makes the show an unmatched leader in popularity not just among users but also among cybercriminals looking for the most effective way to distribute malware,” Kaspersky adds.
The list of top 10 most popular ‘malware’ TV shows is completed by other popular titles such as The Walking Dead, Arrow, and Suits. These are familiar names in our yearly list of most pirated TV-shows, which makes sense, as scammers seek out the most sought after releases.
A more detailed look at the episodes within a season further shows that the premiere and season finale are the most likely to be infected. As such, they also target the most users.
“The common theme we were able to spot was that the first and last episodes were used as a disguise for malware each season. Also, the titles of the opening and closing episodes of each season were used the most actively to hide malware compared to other episodes,” Kaspersky writes.
While Game of Thrones is the uncrowned king of torrent related malware, American Horror Story also deserves a mention. Of all the researched TV-shows, this show was the most effective, as it hit an average of three users per infected release.
Finally, Kaspersky reports that “Not-a-virus:Downloader” and “Not-a-virus:AdWare” are the most common threats which are shared TV show content. The most popular ‘dangerous’ malware was the Trojan category.
With the final season of Game of Thrones coming up later this month, Kaspersky’s findings should serve as a “stark” warning to pirates.
The anti-virus vendor notes that using legitimate sites is the best option to avoid trouble. Other tips include checking the extension of a downloaded file, avoiding suspicious links that promise early releases, and checking the comments before downloading a torrent.
Kaspersky’s full report is available here.