You think you’re watching the games for free, but are you sure that’s the case? Let’s review some of the risks that may come with free live streaming websites.
The IIHF Ice Hockey World Championship kicked off in Slovakia last Friday and many fans who can’t attend in person are on the hunt for an online streaming service to watch their favorite teams battle it out for the coveted trophy. Chances are that you’re one of those people, in which case you may want to pay heed to some of the security risks that come with free live streaming websites.
Free streaming websites may appear an obvious choice in the search for a way to watch the big game. However, a number of them not only show stolen content, but actually act as bait to catch sporting fans unawares. In other words, they expose the viewers to a slew of risks, including malware downloads, personal data theft, and financial scams.
One thing to watch out for is ads. In fact, free live streaming sites are literally brimming with advertising that is not only annoying, but often outright malicious. Three year ago, researchers from the University of Leuven-KU in Belgium and SUNY-Stony Brook in the United States analyzed 23,000 streaming sites and found that no less than one-half of video overlay ads on them were malicious. In those cases, clicking on such an ad resulted in a redirection to a malicious website.
Malicious ads on streaming sites often involve covering the player with faux [Close] buttons that scream for being clicked, as they obscure most of or the entire player. The site may also ask you to download software such as a ‘plugin’ to watch the games, which, too, results in a malware infection. Or the site may display a fake alert that your device has been compromised with malicious software and that, in order to ‘clean up’, you need to download a tool from the site or call the phone number displayed in the pop-up window.
In some cases, dodgy sports streaming sites automatically redirect users to other websites that use social engineering in a bid to steal people’s personal data. As shown by our research in the run-up to last year’s FIFA World Cup, this could, for example, be a survey designed to steal people’s phone numbers and credit card details. Once you filled out the survey, you were offered a potential ‘prize’ in return for a small payment for the delivery. Except that there was no prize and, if you made the payment, your credit card data was stolen. In another campaign, the fraudsters would use an online form to obtain the user’s phone number that was then signed up to a premium SMS messaging service.
Covert cryptocurrency mining is another threat, as many streaming websites aim to hijack users’ machines to mine virtual currencies. Some miners are even explicitly designed to harness mobiles, so users streaming on mobile aren’t necessarily safe either.
These are just some of the examples of the kinds of threats you can be exposed to when using streaming sites to watch major sporting events. Yet they serve to show that it may pays to be picky when choosing a way to watch the games.
written by Tomas Foltyn, ESET We Live Security