Watch the World Cup: Common threats found when using streaming sites

Parvinder Walia, Sales and Marketing Director at ESET Asia Pacific
Parvinder Walia, Sales and Marketing Director at ESET Asia Pacific

As the 2018 FIFA World Cup kicks off in Russia, we take a closer look at the possible cyber security risks that exist on sports streaming websites

By Parvinder Walia

With the kick-off of the FIFA World Cup, many fans will be looking for streaming sites where they can watch the matches taking place in Russia. If you are one of them, it is important that you understand the security risks that you will be exposed to if you do not take sufficient precautions.

Several of these sites are illegal (piracy issues) and many are used by cyber criminals to disseminate campaigns that go beyond the traditional scams that are spread by email to compromise users’ devices.

And we’re not just talking about invasive advertising, which by the way these websites are awash with. We are referring to malicious campaigns designed to take advantage of the anxiety of many soccer fans who are looking for a way to view the matches and when caught up in World Cup fever, they become more exposed to risks as their desire to watch the matches sometimes outweighs commonsense.

To show some examples, we carried out a simple search on Google – just as soccer fans looking to watch the games this way would do. This simple search gave us more than one million results. We searched several of the sites that the search engine offered and we found numerous threats.

It should be noted that not all these sites have a malicious component. Even so, the examples are some of the threats that appear with greater recurrence after searching the first ten pages of search results.

Social engineering campaigns for information theft
On some of the sports streaming pages, once users enter, they are automatically redirected to other websites with social engineering campaigns that seek to trick them into stealing personal information. On some sites, just entering the browser automatically redirected us to two social engineering campaigns. The first consists of a supposed survey and the possibility of winning a ‘prize’. This is done with the sole intention of knowing what browser the user is using.

Once the user completes the survey, the possibility of winning the last available device in the day’s draw is offered as a ‘reward’. In the end, the only thing that the user is asked to do is to make a minimum payment to have the ‘prize’ delivered. No matter how many times you try to enter your credit card number, the user will be met with a message telling that the payment was not authorised. The only people who really win, however, are the ones behind this campaign, as they keep the credit card details.

The second campaign that uses the social engineering format, tries to convince the user to enter their cell phone number and their personal identification document (along with other personal information), which usually ends in a subscription to SMS Premium messaging services.

Malicious codes running on pages to watch online sports
The malicious codes implemented into video players hide add-ons or extensions that seek to be installed on the user’s device with the objective of obtaining personal information many times.

Adware and annoying advertising
PUAs and potentially dangerous applications that result in the highest detection rates in Latin American countries. Thankfully, on the websites we entered, ESET products had detected these types of threats.

While these type of detections are not associated with applications that seek to steal information from users, they can be quite annoying because of the amount of advertising they show and also because in some cases they redirect to sites that contain more dangerous threats.

Miners on streaming sites
During the searches we conducted, we found websites where cryptocurrency mining was the main purpose. This is a growing phenomenon where sports and movie streaming sites have been used with increasing frequency. We found sites with different types of miners in our initial Google search.

Obviously, if the user does not have a security solution or browser add-on that blocks (and alerts) this type of connection, the resources of their device will be used for cryptocurrency mining without warning.

Miners in series sites affecting mobile devices
If you thought that using a mobile device would spare you from cryptocurrency miners, we have some bad news for you as some miners come prepared exclusively to mine on this type of devices. As we said at the beginning of this article, these are just some examples of what a user can find when surfing the internet looking for streaming sites to watch World Cup matches.

While not all the sites we visited had malicious behaviour – beyond an excessive burden of annoying advertising – some did register behaviours that pose some risk to the user.

This post is not intended to be an exhaustive study of everything that the user can find, but merely a simple example to show how close threats are when trying to find a stream to watch football. If you do intend to watch the action via streaming sites we strongly advise the importance of being protected with a security solution when doing so.

(The author is the Sales and Marketing Director at ESET Asia Pacific)