Researchers at Cyble Research & Intelligence Labs (CRIL) found a trove of hacking campaigns aimed at football fans during the FIFA World Cup 2022.
The researchers found that threat actors were taking advantage of FIFA fans who use crypto, luring victims with fake FIFA airdrops. The report states that the hackers have been actively exploiting the FIFA World Cup 2022 to launch phishing campaigns. The methods employed by the hackers included FIFA airdrops, fake ticketing, and fraudulent giveaways.
In another instance, CRIL found a fake FIFA betting website that gives unsuspecting victims a platform to hand over crucial information in exchange for a chance to win big cash prizes. Here’s an easy-to-digest version of the report.
Hackers using FIFA World Cup 2022 to lure victims
The FIFA World Cup Qatar 2022 brought a lot of excitement for football fans, since many legendary players and teams were making a comeback to showcase their skills. With fans around the world chanting the FIFA anthem, hackers are also finding ways to use this opportunity to run malicious campaigns.
During a regular threat-hunting exercise, the CRIL team found crypto phishing attempts using the FIFA World Cup theme to lure victims to a phishing site, “football-blnance[.]com”.
The website was pretending to be an authentic Binance cryptocurrency website. However, upon further inspection, it was found that the fake website was offering Non-Fungible Tokens (NFTs) in exchange for sensitive information.
Once victims have been fooled into believing that the website is authentic, they are persuaded to click the “Connect wallet” button. Once it is clicked, the website takes the user to a QR code, and the user's wallet account information and credentials are fetched. The threat actor then accesses the victim’s account to deplete all the resources and change the wallet address.
Moreover, the researchers also found a similar phishing site that uses the “claim-fifa[.]live” domain to offer FIFA NFTs to users. This is another instance of the same attack, in which the threat actors use a fake website to persuade victims into clicking the “CLAIM NFT PACKS” button in order to steal the victims' crypto from their wallet addresses.
In other similar instances, hackers used WhatsApp messages and YouTube tutorials for downloading FIFA-related applications and games to lure victims into the scam.