Tuesday, December 5, 2023

Beware of WhatsApp Messages Offering Free Data to Watch FIFA World Cup

In Qatar, the 22nd FIFA World Cup began on November 20, 2022. This event sparked a new wave of cyberattacks. Threat actors targeted unsuspecting individuals with malicious activities that included the FIFA World Cup as a theme.

The popularity of the FIFA World Cup is being abused by a number of scams, according to Cyble Research & Intelligence Labs (CRIL), including crypto phishing attempts using fake FIFA airdrops, fake ticket sales, fraudulent giveaways, malicious Android apps, an increase in FIFA betting sites, and a lot more.

Scam Circulating On Whatsapp

CRIL researchers found scammers spreading messages on WhatsApp stating that FIFA is providing free 50GB bandwidth for everyone to view the 2022 FIFA World Cup in Qatar.

Particularly, the message contains a link that directs users to a scam website called “hxxp:/www.fifa-uj[.]top/,” which requests the user’s mobile phone and checks their eligibility for the free data.

https://i0.wp.com/blog.cyble.com/wp-content/uploads/2022/12/Figure-4-%E2%80%93-WhatsApp-message-claiming-FIFA-giving-50BG-data.png?resize=364%2C519&ssl=1
WhatsApp message claiming FIFA giving 50BG data
https://i0.wp.com/blog.cyble.com/wp-content/uploads/2022/12/Figure-5-%E2%80%93-FIFA-scam-site-offering-free-50GB-data.png?resize=752%2C516&ssl=1
FIFA scam site offering free 50GB data

The scam website requests users to forward the message to their WhatsApp connections after authenticating the phone number in order to take advantage of a 50GB data offer.

Also, the scam website displays the mobile verification page and offers other gifts, such as iPhones, and iPads, after forwarding the message.

Crypto Phishing Schemes

Researchers identified a few crypto phishing attempts using the FIFA World Cup theme while keeping a close watch on phishing activity.

“The phishing site “football-blnance[.]com” was pretending to be the Binance cryptocurrency website attempting to trick users into giving sensitive information by offering free Non-Fungible Tokens (NFTs)”, CRIL

Consequently, the phishing site displays the QR code when a user clicks “Connect wallet” to claim the NFTs, and the user’s wallet account will be compromised upon scanning it.

Another phishing website called “claim-fifa[.]live,” which is providing FIFA archive NFT packs, according to CRIL. Here, when the user clicks on the “CLAIM NFT PACKS” button, a QR code for connecting to the cryptocurrency wallet will show up.

Redline Stealer Malware Disguised As FIFA Game

According to the reports, The download link “hxxps://www[.]playskeep.com/fifa-23” hosted the Redline stealer impersonating as FIFA 13 cracked game. 

When a user clicks on the “FREE DOWNLOAD” button, the malicious website starts downloading the “FIFA 23 [Cracked].rar” file.

Android RAT Distributed Via Malicious Website Using FIFA World Cup Lure

The threat actors responsible for this malware set up a Facebook page called “Kora 442,” which people could visit and download a harmful application from.

The TA has linked the distribution link in the post on their Facebook page, stating “Follow the World Cup matches live on Kora 442 application”. Researchers say the distribution site is still active and infecting users with Android RAT.

Check the Legitimacy of Websites

“Threat Actors often take advantage of such global events or festive seasons to launch mass infection campaigns, and users may fall for these scams due to excitement and a lack of attention”,  According to CRIL

Therefore, before downloading files or providing any sensitive information, it’s essential to confirm the legitimacy of websites.

Secure Web Gateway – Web Filter Rules, Activity Tracking & Malware Protection – Download Free E-Book

Website

Latest articles

Hackers Use Weaponized Documents to Attack U.S. Aerospace Industry

An American aerospace company has been the target of a commercial cyberespionage campaign dubbed...

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles