Piracy Sites Used to Spread Malware

TL;DR: A long-running malware campaign is using illegal movie and TV show streaming websites to infect users. The attack tricks people into installing a fake video player plugin update, which then installs a cryptominer on their computers, consuming system resources without their knowledge.
Key facts
- Category: Cybersecurity
- Impact: High
- Published:
- Source: SecureList
Full summary
A malware campaign uses fake video player updates on illegal streaming sites to install cryptominers on user computers, exploiting a common user behavior.
A security firm has detailed a long-running malware campaign that targets users of illegal movie and TV show streaming websites. The attack begins when a user tries to watch a video on one of these sites. The video player displays a message prompting them to install a fake update for a video plugin. If the user agrees, the downloaded file installs a cryptominer on their computer. This type of malware uses the infected machine's processing power to mine for cryptocurrency without the user's consent, leading to significant performance degradation and increased energy consumption. The campaign has been active for years, successfully exploiting the common behavior of seeking pirated content online.
This campaign highlights a significant risk for businesses, as employees may use corporate devices for personal activities, including accessing such websites. The social engineering tactic of a fake software update is effective because it appears to be a legitimate request required to view the content. It serves as a reminder for IT and security teams about the dangers of shadow IT and the importance of user education. The use of cryptominers as a payload demonstrates how attackers can monetize compromised systems discreetly, often going unnoticed for long periods while draining company resources and potentially creating security backdoors for more severe attacks.
Primary source: SecureList