New EU-wide research project carried out by the EUIPO has uncovered over 4,000 files containing malware or potentially unwanted programmes from more than 1,000 websites suspected of sharing illegally protected content. The 4 000 malicious files originated from approximately 100 individually developed pieces of malware, often marketed as being useful user software, including fake game installers and free programmes to access and stream pirated content.
EUIPO acting executive director Christian Archambeau while commenting on the study, which was carried out in collaboration with the United Nations Interregional Crime and Justice Research Institute, warned:
“Our previous research has shown that over half of digital natives say they consider the safety of a site to be a priority when accessing content online. Today’s study findings are [therefore] important for all online users, of whatever age, as they highlight the inherent dangers in copyright-infringing sites.” Whether that message is heard, and leads to behaviour changes, remains to be seen but proof of the danger is there for all to see.
European Observatory on Infringements of Intellectual Property Rights
Some websites and mobile applications illegally share copyright protected content publicly, sometimes even free of charge and without any registration. Along with this content, the websites commonly distribute various kinds of malware and potentially unwanted programs (PUPs), luring users into downloading and launching these files. These programs use deceptive techniques and social engineering — such as empty game installations and ostensibly ‘useful’ software — to trick end users into disclosing their sensitive information. This research was carried out in cooperation with the United Nations Interregional Crime and Justice Research Institute (UNICRI). In the research a variety of PUPs were discovered such as either ‘useful’ software, fake game installers and clients for video streaming platforms. This software does not necessarily pose direct dangers to the user’s software or hardware. However, through social engineering tricks, a user might be convinced to disclose sensitive personal information or payment card details. In addition, information about the computer itself might be leaked to other parties without explicit user consent