‘Jailbroken’ streaming devices and apps are Trojan Horses for malware

The latest entertainment scams are just like Trojan Horses—you invite them into your home thinking they’re something awesome, but they actually mean you harm.

Back in the old days (in 2017), you “just” had to worry about downloading pirated content you found on the internet because it could contain malware. Now, scammers are selling devices and downloadable apps promising that you’ll “never pay for a movie or TV show again.” In reality, what you’re likely to get is free content with a side of theft and fraud.

How the scam works
You hate paying for a myriad of streaming services so you decide to buy what is advertised as a “jailbroken* Fire TV stick” or a “Kodi box.” These look and act like popular streaming devices but they connect to pirate apps to get content for free. For a one time price of $75-100 on eBay, Craigslist, or Facebook Marketplace, you can watch everything you want without spending another dime.
Once it arrives, you plug it in and get it connected to your network. Even if it has some preloaded software, you’ll likely be invited/instructed to download even more pirate apps so you can access a range of content including movies, sports, and pay-per-view for free.

That device, without your knowledge, is pre-loaded malware—and you just personally escorted it past your network’s firewall and security.

(*jailbroken means  all the of previous software restrictions on the device have been removed.)

What could happen?
The Digital Citizens Alliance (DCA) did a bunch of research on these jailbroken devices and found malware that:

  • Uploaded terabytes of data to devices on the same network as the Kodi box
  • Stole usernames and passwords for other streaming services connected to the box (reminder: never use the same password twice!!)
  • Stole Wi-Fi network names and passwords

And, on the dark web, there was chatter about using the malware to:

  • Carry out spam attacks or exploiting computer power to mine for cryptocurrency
  • Access information stored elsewhere on the same network, such as photos, passwords, and banking information

Worse, disconnecting the malware-infected device doesn’t solve the problem. Once the device is installed, the malware has already infected the entire network.

To be clear, it’s not the free, open-source media player Kodi software itself that’s the problem—but it’s a platform that inadvertently supports dangerous pirating software and apps.

Is this just a theoretical risk?
No, not really. The DCA found that those who did NOT have a piracy device in their homes, only 7 percent reported an issue with malware. Of those who did? 44% reported a problem. While they can’t prove the jailbroken device caused the problem, it’s clear there is a relationship between risky security choices and malware.

Fun fact: These devices are super popular. Recent polling found that 13% of the 2,703 U.S. respondents have used an illegal streaming device. Another estimate is that 6.5% of all North American households have at least one of these devices on their home network.

Is using one of these boxes illegal?
YES. Just last month the FCC issued an advisory warning that anyone who markets or uses one of these jailbroken devices could face penalties of more than $147,000 per violation.

Resist temptation and don’t purchase, or use, one of these malware-laden devices. You may see a movie for free, but it could cost you literally (that’s a big FCC fine!) and figuratively in terms of hassle.

For more information, read the full Digital Citizens Alliance report.

By the TDS Security Team

No comments yet.

Leave a Reply