World Cup watching: The common threats found when using streaming sites


On the eve of the 2018 FIFA World Cup in Russia, we take a closer look at the possible cybersecurity risks that exist on sports-streaming websites.

With the start of FIFA World Cup on June 14 just a day away, many fans will be looking for streaming sites where they can watch the matches taking place at Russia 2018. If you are one of them, it is important that you understand the security risks that you will be exposed to if you do not take sufficient precautions.

Several of these sites are illegal (piracy issues) and many are used by cybercriminals to disseminate campaigns that go beyond the traditional scams that are spread by email to compromise users’ devices.

And we’re not just talking about invasive advertising, which by the way these websites are awash with. We are referring to malicious campaigns designed to take advantage of the anxiety of many soccer fans who are looking for a way to view the matches and when caught up in World Cup fever, they become more exposed to risks as their desire to watch the matches sometimes outweighs common sense.

To show some examples, we carried out a simple search on Google – just like soccer fans looking to watch the games this way would do. This simple search gave us more than one million results. We searched several of the sites that the search engine offered and we found numerous threats. Below, we show you some of the most common threats to watch out for. [Editor’s Note: The following research was done by our colleagues in Buenos Aires and therefore contains some images in Spanish]


Example of Google search

It should be noted that not all these sites have a malicious component. Even so, the examples that we will show are some of the threats that appear with greater frequency after the first ten pages of search results.

Social engineering campaigns for information theft

On some of the sports-streaming pages, once users enter, they are automatically redirected to other websites with social engineering campaigns that seek to trick them into stealing personal information. On some sites, just entering the browser automatically redirected us to two social engineering campaigns.

The first consists of a supposed survey and the possibility of winning a ‘prize’. This is done with the sole intention of knowing what browser the user is using.


Example of a page that aims to find out what type of browser the user is using

Once the user completes the survey, the possibility of winning the last available device in the day’s draw is offered as a “reward”.

Example of the ‘reward’ on offer

In the end, the only thing that the user is asked to do is to make a minimum payment to have the ‘prize’ delivered. No matter how many times the victim tries to enter a credit card number, a message displays saying  that the payment was not authorized. The only people who really win are the ones behind this campaign, for they have just stolen the credit card details.

Not authorized card payment message displayed to user

The second campaign that uses the social engineering format tries to convince the potential victim to enter cell phone number and personal identification document (along with other personal information), which usually ends in a subscription to SMS Premium messaging services.

Example of the type of trick used to convince the user to enter cell phone number and personal identification document

Malicious codes running on pages to watch online sports

The malicious codes implemented into video players hide add-ons or extensions that seek to be installed on the user’s device, many times with the objective of obtaining personal information.

Example of hidden trojan

Adware and annoying advertising

PUAs are potentially dangerous applications that result in the highest detection rates in Latin American countries. Thankfully, on the websites we entered, ESET products had detected and blocked these types of threats.

While these types of detections are not associated with applications that seek to steal information from users, they can be quite annoying because of the amount of advertising they show and also because in some cases they redirect to sites that contain more dangerous threats.

Miners on Streaming sites

During the searches we conducted we found websites where cryptocurrency mining was the main purpose. This is a growing phenomenon where sports and movie streaming sites have been used with increasing frequency. We found sites with different types of miners in our initial Google search:


Example of sites we found from our Google search with different types of active miners

Obviously, if users do not have a security solution or browser add-on that blocks (and alerts) this type of connection, the resources of their device will be used for cryptocurrency mining without warning.

Miners in series sites affecting mobile devices

If you thought that using a mobile device would spare you from cryptocurrency miners, we have some bad news for you as some miners come prepared exclusively to mine on this type of device.


Cryptocurrency miners are also working on mobile devices

While the above site was not related to the streaming sites used to watch soccer matches, it did, however, show up in the results of the initial search.

As we said at the beginning of this article, these are just some examples of what a user can find when surfing the internet looking for streaming sites to watch World Cup matches. While not all the sites we visited had malicious behavior — beyond an excessive burden of annoying advertising — some did register behaviors that pose some risk to the user.

This post is not intended to be an exhaustive study of everything that the user can find but merely a simple example to show how close threats are when trying to find a stream to watch soccer. If you do intend to watch the action via streaming sites we strongly advise being protected with a security solution when doing so.

written by Camilo Gutiérrez Amaya, ESET We Live Security

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s