If you sometimes visit those websites that offer free livestreaming of sports and other events, you’re probably aware that they’re not quite legit—but copyright concerns aside, the security risk posed by these services is considerable.
That’s the conclusion of researchers at the Catholic University of Leuven (KU Leuven) in Belgium and Stony Brook University in New York, who analysed over 23,000 of these free livestreaming websites.
Using a semi-automated analysis tool, they checked out what happens when visitors click on the ads that often overlay the videos. As many as half of those ads turned out to be malicious.
Get Data Sheet, Fortune’s technology newsletter.
Clicking on the ads can prompt a direct download of unwanted software into your browser that may spy on your activities, or it could take you through to pages that still look like the livestreaming services but download malware onto your computer.
“It’s a public secret that the [free livestreaming] ecosystem is not averse to using deceptive techniques to make money from the millions of users who use their services to watch live events,” says Nick Nikiforakis of Stony Brook University in a statement.
The issue is this: Livestreaming websites that are not legitimate are likely to use dodgy ad networks to generate income. “Free livestreaming websites can be very useful platforms for these networks to distribute their software,” M. Zubair Rafique of KU Leuven told Fortune.
According to the researchers, the popularity of Google’s (GOOG) Chrome and Apple’s (AAPL) Safari has led the criminals behind these systems to specifically target these browsers. And if you use an ad-blocker when visiting such sites,that may not protect you, as the services actively try to “defeat” popular ad-blocking extensions.
For more on cybersecurity, watch our video.
Rafique explained that 93 percent of the video players on these livestreaming websites carry overlay ads that break the guidelines of the online ad industry—instead of taking up a maximum 20 percent of the height of the player, and being situated at the bottom, they are placed at the top of the player and take up as much as 80 percent.
The ads are sometimes disguised as “play” buttons as well as “close this ad” buttons, and often attempt to fool users into downloading software by claiming it is necessary to play the stream. One site prompts the user to download an Android app that is actually “adware”—software that displays unwanted advertising.
Rafique said the universities’ research used purely academic funding, with no backing from the copyright-holder industry.
