They say crime doesn’t pay, but a new study estimates that pirates make somewhere in the range of $70 million every year by installing malware on the devices of unsuspecting users.

DON’T MISS: Netflix still dominates online streaming, and is slowly killing BitTorrent

According to a study called “Digital Bait” commissioned by the Digital Citizens Alliance (DCA) and conducted by RiskIQ, one out of every three sites in a sampling of 800 sites dedicated to distributing stolen TV shows and movies contained malware.

45% of that malware could make its way on to a user’s device through a “drive-by-download,” which means that the user wouldn’t even notice that the installation had taken place.

“It’s clear that the criminals who exploit stolen content have diversified to make more money by baiting consumers to view videos and songs and then stealing their IDs and financial information,” executive director of DCA Tom Galvin said in a statement.

Once the malware is in place, criminals are able to steal bank and credit card information, find and share private information, lock a computer and demand a ransom or even take control of the computer to commit acts of fraud while framing the owner of the computer.

It’s a terrifying (and lucrative) industry, but you can effectively protect yourself from it by simply avoiding malicious sites. One of the most interesting claims in the study is that content theft sites are 28x more likely to contain malware than a legitimate site.

“By dangling such content as bait, criminals lure in unsuspecting users and infect their computers,” the study said. “In doing so, these criminals are exploiting a lack of understanding and awareness among users about the risks visiting shady websites can pose.”

If you want to know more, you can read the study on DCA’s website.