Last week we issued a warning to viewers of alternative live streaming websites for the 2019 FIFA Women’s World Cup games. The URL that we published has now disappeared. We also learned that on Tuesday, June 25th, French police arrested 5 French nationals in Rennes for running approximately 20 illegal sports streaming websites linked to a platform called beinsport-streaming.com. In the past 6 months this platform has reportedly received approximately 500,000 visitors per month. The investigation was prompted by a lawsuit filed last year after beIN Sports, Canal Plus, and Altice France filed a complaint.
We do not know whether the website we reported on in our June 26th article was related to those arrests. Nonetheless, the site is now down. We have, however, conducted additional investigation into one of their vectors of attack, as described below.
Fake Flash Updater / Installer Infection Vector
It appears that one of the malware infection vectors of this threat group is a fake Flash updater/installer targeting macOS devices. We have analyzed the malware and found that it has been active since December 14, 2018. Two new malware payloads were added in May and June 2019, as shown in the graph diagram below.
In the above figure we have given the Hybrid-Analysis hashes with timestamps adjacent to the cluster of malware used as part of this attack.
Sports fans are likely to want the richest online experience and will, in the heat of the moment, respond to a social engineering pop-up flagging the need for a Flash update. Unwittingly they respond and then become infected with the malware.
Our analysis of the modus operandi of this threat actor group is ongoing. Nevertheless, we felt it was important to alert you, the reader, about this threat to sports fans. The Cyber Observables associated with this attack vector are given below.
Watch the game and stay safe!