There was a time when e-book piracy was ridiculously easy. BitTorrent sites and private forums were the most popular, but many of them were subsequently shut down. What took their place? Shadow Libraries such as Anna’s Archive, Library Genesis, Sci-Hub, and the most notorious Z-Library. Sadly, these shadow libraries are targeting pirates and stealing their data.
Z-Library has had a turbulent history, with various law enforcement agencies shutting down most of its domains, only to resurface with renewed vigor. It is a game of whack-a-mole, but most of the new domains are only given out on private Telegram channels. Due to the site’s popularity, other Z-Library clones are emerging, with the sole purpose of stealing Bitcoin wallets, credit card data, and user information.
New Research has found that an alleged database backup belongs to Z-lib, a malicious clone of Z-Library that ranks at the top of Google search results. The site’s administrators accidentally leaked usernames, email addresses, passwords, and Bitcoin and Monero wallet addresses for 9,761,948 users in a public backup file.
The Z-lib website was created just days after the original Z-library domains were seized by law enforcement in November 2022. Scammers pretended to continue the website’s activities, and the identities of the Z-lib owners are unknown. The operators of the fake websites impersonate the Z-Library project and claim to be the only “legitimate” Z-Library website.
The reason why the clone was able to steal the users information is because the real Z-Library website relies on donations to keep the lights on. The free tier only allows for a few e-books to be downloaded every day, whereas paid users can download as much as they want. Z-Library has trained millions of users to donate to a good cause, something the scammers are exploiting.
I think most people who use Shadow Libraries believe they are safe, as there is a lower chance that law enforcement will target them, instead focusing on the operators. Torrents used to be safe, too, until people who downloaded content without using a VPN would receive letters from their ISP on behalf of publishers, trying to scare them into settling a potential lawsuit. Now, even Shadow Libraries are not safe, as threat actors are targeting the pirates, leaving them with nowhere to turn.
Michael Kozlowski is the editor-in-chief at Good e-Reader and has written about audiobooks and e-readers for the past fifteen years. Newspapers and websites such as the CBC, CNET, Engadget, Huffington Post and the New York Times have picked up his articles. He Lives in Vancouver, British Columbia, Canada.