Beware of FIFA World Cup Themed Scam Apps and Websites Spreading Malware: Five Ways To Protect Your Devices

Cristiano Ronaldo. Lionel Messi. Wayne Rooney. Three of the many names being uttered by everyone from hardcore football enthusiasts to casual sports fans during the past five days.

Clearly, the spirit of the 2014 FIFA World Cup is alive, and the fervor of this prestigious event is bringing together the people of competing nations. Unfortunately, cybercriminals are sharing in the festivities too.

Besides recently flooding the Internet with phishing scams and taking down two Brazilian sites (the Sao Paulo Military Police website and the official World Cup 2014 Brazil website), cybercriminals are also targeting the mobile scene with scam ads for World Cup-themed mobile malware -- already more than 375 of them. Trend Micro found these malicious apps lurking in unauthorized third-party app stores, just waiting for users to install them on their mobile devices.

Upon analysis, the bulk of the World Cup-related malware are variants of prevalent mobile malware families. Trend Micro advises hardcore or casual football fans alike to exhibit responsible online behavior when faced with this kind of social engineering scheme.

With that in mind, here are some insights on how to maximize the whole FIFA World Cup experience without being compromised by online threats:

1. Do not download World Cup mobile apps from just anywhere.

Not every application you see is legitimate and safe. Before installing any app, verify each one by checking its developer and source. Giving these apps, like the FIFA 14 game, a closer look should make you notice obvious details and determine whether the app is real or fake. For one, the FIFA 2014 game below shows a FIFA 12 icon. That should automatically raise a red flag.

Fake World Cup Apps

Among the malware detected during this World Cup is ANDROIDOS_OPFAKE.CTD, which passes itself off as clones of popular apps. Its malicious routines include subscribing the user to premium services, leaking the user’s contact list and messages, and installing malicious links and shortcuts on the mobile device’s home screen.

2. Verify World Cup-related transactions before sharing confidential information.

World Cup threats are not limited to malware. Last year, Trend Micro reported phishing emails that used a supposed “FIFA World Cup 2014 Promotional Draw” to convince users to share personal information.

Recently, a website tricked users into providing information, including their credit card credentials. As of this writing, the page has been taken down.

World Cup Phishing Page

Some football betting apps have also been found leaking information without user notification. They also don’t provide security prompts when payment processes are triggered. Users are advised to be very careful with their financial and personal information when using these apps or to not use them at all.

World Cup Malicious Slot Game App

3. Lessen access from third-party apps and services.

Third-party apps that have access to your phone can sometimes manipulate processes and utilize confidential information for unwanted activity, like sending messages to contacts without your consent. It would be best to be conservative in granting access to these programs.

A malware family detected leveraging World Cup fever is the ANDROIDOS_SMSSTEALER.HBT. Variants of this family share a similar method of fraud and fakery with OPFAKE, with one exception: they can connect to their remote command and control (C&C) server to receive and execute commands such as adding an SMS filter (to block or conceal certain incoming messages), sending messages, and installing new malware.

World Cup Fake Game App
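As an added illustration (not Trend Micro's code or detection logic), the sketch below triages an app's requested permissions before installation and flags the ones needed for the routines described above. The routine-to-permission mapping, the threshold, the package names and the sample `aapt dump permissions` output are assumptions constructed for this example.

```python
import re

# Routines the article attributes to OPFAKE / SMSSTEALER, mapped to the Android
# permission each one requires. The mapping is this example's assumption.
BEHAVIOURS = {
    "send SMS (premium subscriptions, messaging contacts)": "android.permission.SEND_SMS",
    "read stored messages": "android.permission.READ_SMS",
    "intercept incoming SMS (SMS filter)": "android.permission.RECEIVE_SMS",
    "read the contact list": "android.permission.READ_CONTACTS",
    "add home-screen shortcuts": "com.android.launcher.permission.INSTALL_SHORTCUT",
}
NETWORK = "android.permission.INTERNET"  # needed to leak data or reach a C&C server

# Accepts both aapt styles: "uses-permission: X" and "uses-permission: name='X'".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)", re.M)

def parse_permissions(aapt_output):
    """Return the set of permissions listed in `aapt dump permissions` output."""
    return set(PERM_RE.findall(aapt_output))

def triage(aapt_output):
    """Flag which of the described routines the app is able to perform."""
    perms = parse_permissions(aapt_output)
    hits = sorted(b for b, p in BEHAVIOURS.items() if p in perms)
    online = NETWORK in perms
    if len(hits) >= 3 and online:      # threshold is an assumption
        verdict = "high"
    elif hits:
        verdict = "review"
    else:
        verdict = "low"
    return {"behaviours": hits, "network": online, "verdict": verdict}

# Constructed sample outputs (hypothetical package names).
FAKE_GAME = """package: com.example.worldcupgame
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='com.android.launcher.permission.INSTALL_SHORTCUT'
"""
SCORE_APP = """package: com.example.livescores
uses-permission: android.permission.INTERNET
uses-permission: android.permission.ACCESS_NETWORK_STATE
"""

if __name__ == "__main__":
    for name, sample in (("fake game", FAKE_GAME), ("score app", SCORE_APP)):
        print(name, triage(sample))
```

A game or score app that asks for SMS and contact access on top of network access has no functional need for it, which is the mismatch worth checking before granting anything.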

4. Practice caution when visiting FIFA-related streaming websites or downloading installers.

It is understandable that not everyone has a cable TV connection that allows them to enjoy the world’s biggest football event. This forces them to go online to witness the action. Nevertheless, it would be best to be selective about which portals you use to watch the broadcast games.

Trend Micro recently discovered a file named Jsc Sport Live + Brazil World Cup 2014 HD.rar, which contains the file Brazil World Cup Streaming 2014.exe. This file is a backdoor identified as BKDR_BLADABIN.AB. Once activated, it can execute commands from a remote malicious user, effectively compromising the affected system. It can also capture screenshots which can be used to obtain sensitive information.

Football gaming fans are not spared either. A World Cup-related search led to a supposed key generator for the game FIFA 14. However, the supposed key generator is actually adware identified as ADW_INSTALLREX.

World Cup Fake Game Key Generator

5. Stay disciplined and vigilant in the face of FIFA-related material.

Constant vigilance remains the biggest defense against social engineering schemes. From timely spammed messages to suspicious social media posts, cybercriminals are knowledgeable enough to bait you into becoming a victim. Think and verify before you click on the next link that appears in your mail. If the promotion or the offer is too good to be true, then most likely it is.

While it may be a fact of life that big sporting events like these will inevitably have some sort of cybercriminal attack, being a victim of them isn’t. Users are reminded not to download anything from third-party app download sites, and to utilize mobile security solutions such as Trend Micro Mobile Security in order to keep mobile devices secure.