World Cup Wallchart Phishing Cheat Found

June 21, 2018


Safety scientists at Check Point have found a World Cup wallchart phishing cheat that is being used to transfer malware to soccer enthusiasts’ appliances.

The campaign involves specifically created electronic mail messages with the subject line:


Electronic mail receivers are persuaded to open and install a malevolent FIFA World Cup timetable and results checker that is attached to the electronic mail. The electronic mail receivers are informed that the attachment will let soccer enthusiasts to easily keep track of the games and the outcomes.

Nevertheless, the electronic mail attachment delivers far more than the message indicates. Opening the electronic mail attachment will fix a malware variation known as DownloaderGuide, which in turn will fix a type of malevolent software. DownloaderGuide is often utilized in phishing campaigns to disperse adware, fix toolbars, system optimizers, and other undesirable programs. Check Point scientists found numerous messages that are being used in the campaign, with a range of different executable files attached to the electronic mail.

The phishing campaign was first noticed on May 30, 2018, even though now the World Cup has substantially increased the volume of malevolent messages.

This is one campaign of several targeting World Cup enthusiasts. There have already been several World Cup phishing promotions already noticed that aim to steal identifications or deceive soccer enthusiasts into installing ransomware or malware.

Any main sporting occasion sees phishers and other cybercriminals take the benefit, and occasions as huge as the World Cup even more so. Billions of people will be seeing the event, with an expected 3.2 billion people having viewed the 2014 World Cup final.

With so many soccer enthusiasts eager to view the competitions on TV and follow World Cup news, and an expected 5 million fans going to Russia to see the competitions live, World Cup themed phishing attacks and other World Cup cheats are justifiably widespread.

With the soccer competition carrying on until mid-July, there are likely to be numerous more promotions started over the coming days.

Soccer enthusiasts must, therefore, be very cautious and follow safety best practices to evade becoming a sufferer of one of these attacks. Those best practices comprise:

  • Never open an electronic mail attachment from an unknown person
  • Never click hyperlinks sent in electronic mails from unfamiliar senders
  • Never disclose confidential information on World-Cup themed websites
  • Stop and ponder about any electronic mail request and consider that it might be a cheat
  • Be cautious of bogus websites with offers that appear too good to be real
  • If considering buying a ticket for a match, only use the approved FIFA website
  • Make sure your operating system and all software – including browsers and browser plugins – fully up to date
  • Make sure AV software is fitted and is set to update automatically
  • Take care when linking to Wi-Fi networks, particularly in Russia. Unsafe hotspots let man-in-the-middle attacks to take place and several bogus hotspots are projected to be set up to catch out the unwary
  • If visiting Russia for the competitions, consider leaving moveable electronic appliances at home. If that is not possible, make sure they are not arranged to link to Wi-Fi networks automatically