Phishing scams and adware installers target NCAA viewers in large numbers

• The March Madness tournament generally has more than 10 million viewers, with most of them watching it through online streaming sites.
• A detailed analysis by ZScaler revealed numerous instances of phishing attacks and adware that were prevalent in fake streaming sites.

NCAA 2019 might be nearing its season end but attackers will never end their ploys. A research report by ZScaler’s ThreatLabz team found that malicious actors deployed phishing attacks and adware in fake online streaming sites touting to broadcast NCAA 2019. With most of the viewers watching the tournament matches on streaming sites, attackers have resorted to creating fake domains to lure many viewers onto these sites.

The big picture

• ThreatLabz team particularly analyzed unofficial streaming sites listed on a Google search results page when queried. Some of them were found to be phishing links.
• They also came across malicious streaming sites that were loaded with adware on every page in the site. One of the sites also asked site visitors to donate money through a PayPal donation link.
• These sites had obfuscated JavaScript code to load malicious plugins if the user closed the displayed ads.
• Many typo-squatted domains were also documented by the team to make viewers believe that they were watching a legitimate site.

Why it matters?

Atif Mushtaq, CEO of security firm SlashNext suggests that phishers are leaning on popular tournaments such as NCAA to proliferate incidents in large numbers.

“New sites are cropping up daily, and our system alone has caught over 50 websites from just one of the prolific cyber-gangs. With the end game of committing credit-card fraud, the realistic-looking pages hope to attract victims getting caught up in the excitement and gambling that goes along with March Madness,” he told ThreatPost.

Krishna Sona and Chris Mannon, the team behind the study warn viewers to stay away from malicious sites touting to stream NCAA matches. “The examples laid out should highlight the diversity of threats that attempt to exploit the excitement around the NCAA tournament. We encourage readers to exercise caution when doing searches or clicking on links related to streaming the tournament,” the duo said.