Fantasy football players may have had their PCs infected with malware

Fantasy football players in the UK may have had their computers infected while browsing the fantasy Premier League section of the official Barclays Premier League website.

The site, which draws in over 16 million visitors per month according to SimilarWeb, displayed a malicious advert that automatically redirected football fans to the Nuclear exploit kit, according to Malwarebytes.

The Flash-based ad for a British yacht company was hosted on a suspicious server and distributed over HTTPS, meaning that the page was encrypted, which makes it harder for malware-prevention tools to detect that there was a problem with the website.

The 'advertiser' also hides its IP address behind CloudFlare services, although it was registered at GoDaddy.com.

How did it do it?

The malvertising campaign used Google's URL shortener, goo.gl, which redirected users to the exploit kit.

"The malvertising chain is familiar as it makes use of goo.gl URLs, which are injected dynamically within compromised or blackhat sites," said Jerome Segura in a Malwarebytes blog.

"Those shortened URLs are used and discarded frequently and yet, because they belong to Google, a trusted company, cannot be blacklisted entirely at the root domain level," he added.
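The blocklisting limit described in the quote, shown as an added example (not code from the article or from Malwarebytes): a filter that blocks ordinary hosts by domain but accepts only full short-URL entries for a shared shortener host. The `SHARED_HOSTS` set, the `Blocklist` class and every entry below are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts used by many unrelated parties: blocking the whole host would break
# legitimate links, so only full-URL entries are accepted for them.
# Assumption for this example: a hand-maintained set.
SHARED_HOSTS = {"goo.gl"}
_HAS_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

class Blocklist:
    def __init__(self):
        self.domains = set()  # entry blocks the host and all its subdomains
        self.urls = set()     # entry blocks one exact (host, path) pair

    @staticmethod
    def _split(url):
        # Accept bare "host/path" entries as well as full URLs.
        parts = urlsplit(url if _HAS_SCHEME.match(url) else "//" + url)
        host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased
        return host, parts.path.rstrip("/")        # short-URL paths keep case

    def add(self, entry):
        host, path = self._split(entry)
        if not host:
            raise ValueError("no host in entry: %r" % entry)
        if path:
            self.urls.add((host, path))
        elif host in SHARED_HOSTS:
            raise ValueError(host + " is shared; list the full short URL")
        else:
            self.domains.add(host)

    def is_blocked(self, url):
        host, path = self._split(url)
        if (host, path) in self.urls:
            return True
        labels = host.split(".")
        # Walk parent domains: a.b.example -> b.example -> example
        return any(".".join(labels[i:]) in self.domains
                   for i in range(len(labels)))

def demo():
    bl = Blocklist()
    bl.add("ads.yacht-ad.example")            # constructed ad-serving host
    bl.add("https://goo.gl/ConstructedBad")   # constructed short URL
    return bl
```

Because each short URL needs its own entry, a list like this only stays useful if entries are added as quickly as the links are rotated.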

Once the user has been redirected to the exploit kit, the malware uses Flash Player exploits to compromise the end-user's machine.

Malwarebytes said that it had alerted the Premier League fantasy website and also reported the malicious shortened URL to Google.