Here’s another big reason to avoid pirating content online

A picture of a skull and bones on a smartphone depicting malware
(Image credit: Shutterstock)

Pirating content online is both detrimental to creators and illegal, but it's also potentially dangerous for consumers. That's due to the sheer number of malicious ads found on popular piracy sites.

According to a joint investigation by the Digital Citizens Alliance, White Bullet and Unit 221B, those who visit piracy sites are often “bombarded with malicious ads that use scare tactics to trick them into downloading malware” which also includes ransomware.

In their new Unholy Triangle report (PDF), the researchers explain how they were prompted to click on an ad but instead their files were locked and the following message appeared demanding a ransom: 

"All your files like pictures, databases, documents, and other important [sic]are encrypted with [sic]strongest encryption and unique key….Please note that you will never restore your data without payment."

The report also found that nearly 80 percent of piracy sites serve malware-filled ads to their users and that 1 in 6 times, a visit to such a site leads to an attempt to serve malware.

Allowing malvertisers to victimize their users

During their months-long investigation, Digital Citizens, White Bullet and Unit 221B analyzed thousands of piracy sites to shine a light on the relationship between piracy site operators, malvertisers and even some ad intermediaries.

By working together with cybercriminals trying to spread malicious ads, piracy site operators generate an estimated $121 million in revenue just from U.S. visits to these sites. Besides ransomware, the researchers also found malicious ads that contain malware capable of stealing a user’s banking information, downloading spyware or flagging a device for future attacks.

As a follow-up to their initial report, a Digital Citizens survey found that Americans who visit piracy sites are two to three times more likely to report having their computers or mobile devices infected with malware compared to those who don’t visit these kinds of sites.

Chief technology officer at Unit 221B Shaun Gallagher provided further insight into the dangers of piracy sites in a press release, saying:

"The level of deception on pirate movie sites is alarming. Threat actors with ties to Russia are using these sites to prey on American consumers. These malware pushers grab every ounce of profit they can with no regard for the damage they cause. A couple innocent clicks could lead to a severe violation of privacy and cost hundreds of dollars, as consumers are bombarded with malicious ads containing ransomware and adware."

How to stay safe from malicious ads

Even if you don’t find yourself visiting less than reputable sites, malvertising or malicious advertising is still a threat you want to watch out for. This is because malvertising attacks can also come from ads on legitimate sites too.

In a blog post about malvertising, Norton points out that past malicious advertising campaigns have targeted the websites of major companies including the London Stock Exchange, MSN and Yahoo. 

A man's hands type on a laptop with the words 'Ad Blocker' displayed on the screen.

(Image credit: Pinone Pantone/Shutterstock)

To make matters worse, sometimes you don’t even have to click on a malicious ad to have your system infected with malware. Just visiting a page hosting malicious ads is enough and once they’ve finished loading, your computer could be infected with a virus.

In order to stay safe from malvertising, you should consider installing one of the best antivirus software solutions on your PC or the best mac antivirus software on your Apple devices. 

The best android antivirus apps are also worth checking out for those concerned about malicious ads on mobile. Likewise, installing an ad blocker will clear web pages of ads which could help protect you against malvertising.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.