Users of live-streaming services are being warned about the threat of malware infections and computer scams after a university research team uncovered fresh evidence that up to 50% of overlay video advertising hosted on these websites is malicious.
The researchers, consisting of experts from Katholieke Universiteit Leuven in Belgium and Stony Brook University in the US, built a semi-automated tool used to identify "more than 23,000" live-streaming websites routinely used to watch movies, TV shows and sports without paying.
Once the webpages had been found, the team said it performed "more than 850,000 visits" to the domains and analysed over a terabyte of traffic. "Until now, free live-streaming services have mostly been analysed from a legal perspective. Our study is the first to quantify the security risk of using these services," explained M Zubair Rafique, from KU Leuven's computer science department, called iMinds. "We have assessed the impact of free livestreaming services on users. We also exposed the infrastructure of the ecosystem."
"The outcome of our research is quite confronting," he added. "In addition to exposing numerous copyright and trademark infringements, we found that clicking on video overlay ads leads users to malware-hosting webpages in 50% of the cases."
The team found that most of the malware spreads as unwitting users are tricked into believing they need additional software to watch the live-stream. Yet this, according to the team, can be a massive security risk especially on Google Chrome and Safari – which were found to be the most vulnerable browsers.
Nick Nikiforakis, assistant professor in the Department of Computer Science at Stony Brook University in New York, said: "It's a public secret that the free livestreaming services ecosystem is not averse to using deceptive techniques to make money from the millions of users who use their services to watch live events. One example is the use of malicious overlay ads, which cover the video player with fake 'close' buttons. When users click these buttons, they risk being exposed to malware."
Yet the live-streaming websites are not the only services to be hit by malware developers and scammers. Most recently, a separate malware distribution scam was uncovered in pirated versions of video games – including World of Warcraft, The Witcher 3 and Assassins Creed. According to researchers with security firm Symantec, several torrent websites were found to be spreading the malicious software, including one that used the recognisable UTorrent logo to dupe users.
