World Cup streaming: Websites hosting live streams pose danger to football fans who watch online

Anthony Cuthbertson

Websites hosting online live streams of World Cup matches have been appearing across the internet, though not all of them are safe.

The final group matches of Group C between Australia and Peru, and Denmark and France kick off at 3pm BST on 26 June.

Links to live streams are being posted to illegal streaming sites – many of which are easily accessible through Google – as football fans turn to piracy sites to watch matches that are not freely available in their own country.

(In the UK, games will be streamed through BBC's iPlayer and the ITV website.)

This has prompted warnings from cybersecurity experts that people could put themselves at risk if they view matches on illegal websites.

“It’s become a lucrative business for malicious actors to host illegal streaming websites – and the World Cup is a perfect opportunity for them," Chris Hodson from the cybersecurity firm Zscaler, told The Independent.

"While sports fans prepare to stream their favourite teams’ games, the increased interest in the tournament will also attract the attention of cyber criminals who’ve produced a variety of ways to trick fans into downloading malicious code and unwittingly giving up account credentials."

These account credentials, Mr Hodson warned, are often used over multiple sites, meaning cyber criminals could gain access to individual's email accounts and bank accounts.


One of the biggest threats of of visiting illegal live streaming sites is overlay ads or buttons, according to Kecia Hoyt, senior threat research engineer at Fidelis Cybersecurity.

"These sites are made to look legitimate and will often overlay a video with an ad that has a fake close or even play button," Hoyt told The Independent. "Users will attempt to ‘close’ the ad to enable a full view of the video but behind the scenes malware will be installed on their computer or device as a result of that single click."

Another threat posed by illegal streaming sites is something known as cryptomining, whereby people's computers are used to secretly mine cryptocurrency.

“Illegal streaming sites are illegal by nature and are riddled with malicious software," said Joep Gommers, CEO at EclecticIQ.

"The machines of users visiting those sites are mostly attacked in the form of drive-by-downloads, which means that malware is downloaded when visiting a website, completely without the user’s knowledge. Currently, a very common type of malware is cryptomining."

Steve Mulhearn, director of enhanced technologies at Fortinet, told The Independent that fans who risk visiting these sites should follow certain precautions to minimise the danger.

"Running the most updated versions of your operating system, security software, apps and Web browsers is among the best defences against malware, viruses and other online threats," Mr Mulhearn said.

"Cyber-attackers usually target flaws and vulnerabilities in outdated browsers and plug-ins. It is best to have your security software and web browser update automatically to minimise exposure to known threats."

Other experts advised that people would be best to avoid visiting these sites entirely.

Overall, I’d say that visiting these types of websites is not a good idea," Leigh-Anne Galloway from Positive Technologies, told The Independent.

"You can’t be 100 per cent confident that you’re not basically walking into a trap and, for the sake of 90 minutes of free football, it will take a lot of effort to clean up.”

Richard Walters, Chief Security Strategist at CensorNet, added: "These websites are essentially cesspools of malware and viruses, and people using them do so at a personal risk to their devices and the data stored on there.

"From a personal perspective at home or at work, you should stick to trusted websites and legal streams."