Tech

Torrent websites infect 12 million users a month with malware

If you visit torrent search websites to pirate software, the risk isn't only through the law.

Written by Charlie Osborne, Contributing Writer Dec. 14, 2015 at 2:51 a.m. PT

Hundreds of websites used to find links to torrent files for downloading pirated content are serving millions of visitors malware every month, new research has discovered.

While there is a current misconception that torrent search websites -- such as the Pirate Bay and KickAss Torrents -- are only used to facilitate piracy, this isn't the case. Torrent files facilitate the download of large files across peer-to-peer networking, and in itself this technology is not illegal and can be highly useful in finding license-free content or sharing large files with one another.

However, torrents are also used to download content for free which infringes upon intellectual property rights, such as movies, television shows, music and games.

Institutions such as the Motion Picture Association of America (MPAA) are fighting a losing battle in relation to preventing this type of piracy, simply because of the sheer number of people across the world tapping into the technology to download their favourite television show or album.

When a pirate is caught, they may be sent a notice demanding restitution or wind up in court, and the cost for downloading that film last Friday night can be far more expensive than the price of a DVD.

However, the cost can not only be financial but also be a loss of privacy and the theft of your data, according to a recent study scrutinising the security of torrent-based search engine websites.

According to researchers from the Digital Citizens Alliance and RiskIQ, almost a third of the 800 main torrent search websites online today regularly serve their visitors malware.

Security

As reported by Security Affairs, the firms' latest research (.PDF) claims that from June to August this year, 800 popular torrent websites served malware to visitors through ads and the download of malicious files.

Dubbed "malvertising," cyberattackers are using ad networks to silently deliver malware payloads to unsuspecting visitors. Not only can this affect legitimate websites, but malicious ads are also found in abundance on torrent search sites which rely on advertising to stay afloat.

The study suggests that these malware payloads, served by 33 percent of the sample group, are designed to steal data for sale on the black market -- through both malvertising and the download of copyrighted material embedded with malicious code. Malware served through ads targets users by drive-by downloads -- downloads which do not require users to do anything to become infected -- and by duping users to click on links.

In the latter form, fake Flash updates and pop-up prompts trick users into downloading larger malware payloads which can be far more dangerous.

Malware is also found in torrented content. In one example, a pirated copy of the game Fallout 4 served malware to a gamer victim resulting in the theft of their bitcoin savings, worth approximately $2000. Exploits, Remote Access Trojans (RATs), adware, ransomware and botnets were all discovered by the team, and all of which could lead to the theft of sensitive data or system surveillance.

In total, 12 million users a month in the United States alone were exposed to malware, suggesting torrent search websites are a major attack vector for today's digital threats, and this allowed cybercriminals to earn over $70 million dollars.

Simply put, nothing in life is free. If you wish to use torrent sites to download either legitimate or illegal content, you're taking a risk.

Tom Galvin, executive director of the Digital Citizens Alliance commented:

"When you visit mainstreams sites, things are naturally happening without you clicking anything: pictures are being downloaded, ads are generating.

What's happening now is that users can click on one of these content sites and decide not to watch a movie, but the malware is already on their computer scraping for their Social Security number. That's used to mimic and adopt your online persona, access banking information, and in some cases, people are getting credit fraud notifications."