Tuesday, July 23, 2024
EHA

Beware of WhatsApp Messages Offering Free Data to Watch FIFA World Cup

In Qatar, the 22nd FIFA World Cup began on November 20, 2022. This event sparked a new wave of cyberattacks. Threat actors targeted unsuspecting individuals with malicious activities that included the FIFA World Cup as a theme.

The popularity of the FIFA World Cup is being abused by a number of scams, according to Cyble Research & Intelligence Labs (CRIL), including crypto phishing attempts using fake FIFA airdrops, fake ticket sales, fraudulent giveaways, malicious Android apps, an increase in FIFA betting sites, and a lot more.

Scam Circulating On Whatsapp

CRIL researchers found scammers spreading messages on WhatsApp stating that FIFA is providing free 50GB bandwidth for everyone to view the 2022 FIFA World Cup in Qatar.

Particularly, the message contains a link that directs users to a scam website called “hxxp:/www.fifa-uj[.]top/,” which requests the user’s mobile phone and checks their eligibility for the free data.

https://i0.wp.com/blog.cyble.com/wp-content/uploads/2022/12/Figure-4-%E2%80%93-WhatsApp-message-claiming-FIFA-giving-50BG-data.png?resize=364%2C519&ssl=1
WhatsApp message claiming FIFA giving 50BG data
https://i0.wp.com/blog.cyble.com/wp-content/uploads/2022/12/Figure-5-%E2%80%93-FIFA-scam-site-offering-free-50GB-data.png?resize=752%2C516&ssl=1
FIFA scam site offering free 50GB data

The scam website requests users to forward the message to their WhatsApp connections after authenticating the phone number in order to take advantage of a 50GB data offer.

Also, the scam website displays the mobile verification page and offers other gifts, such as iPhones, and iPads, after forwarding the message.

Crypto Phishing Schemes

Researchers identified a few crypto phishing attempts using the FIFA World Cup theme while keeping a close watch on phishing activity.

“The phishing site “football-blnance[.]com” was pretending to be the Binance cryptocurrency website attempting to trick users into giving sensitive information by offering free Non-Fungible Tokens (NFTs)”, CRIL

Consequently, the phishing site displays the QR code when a user clicks “Connect wallet” to claim the NFTs, and the user’s wallet account will be compromised upon scanning it.

Another phishing website called “claim-fifa[.]live,” which is providing FIFA archive NFT packs, according to CRIL. Here, when the user clicks on the “CLAIM NFT PACKS” button, a QR code for connecting to the cryptocurrency wallet will show up.

Redline Stealer Malware Disguised As FIFA Game

According to the reports, The download link “hxxps://www[.]playskeep.com/fifa-23” hosted the Redline stealer impersonating as FIFA 13 cracked game. 

When a user clicks on the “FREE DOWNLOAD” button, the malicious website starts downloading the “FIFA 23 [Cracked].rar” file.

Android RAT Distributed Via Malicious Website Using FIFA World Cup Lure

The threat actors responsible for this malware set up a Facebook page called “Kora 442,” which people could visit and download a harmful application from.

The TA has linked the distribution link in the post on their Facebook page, stating “Follow the World Cup matches live on Kora 442 application”. Researchers say the distribution site is still active and infecting users with Android RAT.

Check the Legitimacy of Websites

“Threat Actors often take advantage of such global events or festive seasons to launch mass infection campaigns, and users may fall for these scams due to excitement and a lack of attention”,  According to CRIL

Therefore, before downloading files or providing any sensitive information, it’s essential to confirm the legitimacy of websites.

Secure Web Gateway – Web Filter Rules, Activity Tracking & Malware Protection – Download Free E-Book

Website

Latest articles

Beware Of Dating Apps Exposing Your Personal And Location Details To Cyber Criminals

Threat actors often attack dating apps to steal personal data, including sensitive data and...

Hackers Abusing Google Cloud For Phishing

Threat actors often attack cloud services for several illicit purposes. Google Cloud is targeted...

Two Russian Nationals Charged for Cyber Attacks against U.S. Critical Infrastructure

The United States has designated Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, two members...

Threat Actors Taking Advantage of CrowdStrike BSOD Bug to Deliver Malware

Threat actors have been found exploiting a recently discovered bug in CrowdStrike's software that...

NCA Shut’s Down the Most Popular “digitalstress” DDoS-for-hire Service

The National Crime Agency (NCA) has successfully infiltrated and dismantled one of the most...

Play Ransomware’s Linux Variant Attacking VMware ESXi Servers

A new Linux variant of Play ransomware targets VMware ESXi environments, which encrypts virtual...

SonicOS IPSec VPN Vulnerability Let Attackers Cause Dos Condition

SonicWall has disclosed a critical heap-based buffer overflow vulnerability in its SonicOS IPSec VPN....
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles