The 2026 FIFA World Cup has triggered a record-breaking surge in cybercrime, with hackers exploiting the global appetite for free streaming access to matches. HUMAN Security’s Satori Threat Intelligence Research Team uncovered that in June alone, over 802,000 compromised streaming accounts were released onto dark web markets. This figure marks an unprecedented scale of credential theft linked directly to the tournament’s massive viewership.

The US Department of Justice intervened swiftly, seizing nearly 400 illegal streaming domains the day before HUMAN Security’s report was published. These fraudulent sites do more than hijack login details; they serve as vectors for malware infections, exposing viewers to a range of threats including banking trojans. This dynamic transforms what should be a simple streaming experience into a high-risk security breach.

Targeting Crypto Wallets Through Streaming Apps

A particularly alarming trend identified involves malicious Android streaming applications bundled with banking trojans from the Massiv and Perseus families. These trojans use fake streaming apps to request intrusive permissions, enabling them to overlay counterfeit login screens on top of legitimate banking and crypto wallet apps. When a user accesses their digital wallet to check balances or authorize transactions, the trojan intercepts and captures their credentials.

Unlike traditional banking fraud, crypto theft via these trojans is irreversible since blockchain transactions cannot be disputed or reversed. This adds a severe layer of risk for crypto holders, especially as these attacks bypass conventional financial safeguards.

Android users face heightened vulnerability due to the common practice of sideloading APKs from unofficial sources. For example, fans in regions without official broadcast rights might download unauthorized streaming apps promising free access, unknowingly installing trojans that silently monitor financial app usage.

This intersection of streaming piracy and crypto-targeted malware exemplifies a broader cybercrime ecosystem that exploits major global events for maximum impact. The sheer volume of accounts compromised and traded cheaply on secondary markets means the consequences extend well beyond fans seeking free access, reaching into the financial security of digital asset holders worldwide.

This material is informational and does not constitute financial advice.