On June 26th we published a short article on a click advertising fraud scheme that was preying on viewers of the 2019 Women’s World Cup being held in France. During the course of the games we identified several such live video streaming sites that appeared to be part of a connected fraudulent enterprise. These were:
Multiple Twitter accounts were pushing the above malicious websites out during the games using the following bit.ly link : bit[.]ly/2L1Ilbn.
In addition the Twitter account @skysportstv4 was pushing out the following malicious streaming website:
WARNING: DO NOT CLICK ON THE ABOVE LINKS – THEY ARE MALICIOUS
About the Criminal Gang
This threat actor gang appears to be involved, since March 2017, with online advertising fraud. They purchase domains related to popular sports and entertainment events and use them to conduct an Ad Click Fraud campaign. We have documented 40 domains they have used since March, 2017. Since January 2019 three of the domains they have used for their Ad Click Fraud scheme include:
We speculate that they drive traffic to their websites and infect visitors to further build out their botnet for Ad Click Fraud. Visitors to their websites have unknowingly become part of a global scheme to divert advertising dollars from legitimate sponsors of entertainment and sporting events.
This is a very active threat that is targeting sports fans. Users should make sure all devices are protected with an anti-virus application. Also, users that stream video using the VLC Video Player should immediately apply the patch made available July 6th. Users should also avoid visiting non-official live video streaming sites.