19 August 2022


Read the full report here

  • All 50 streaming sites analysed were found to have malicious content
  • More than 90% of sites were classified risky, while more than 40% had no security certificate
  • Users bombarded with threats, including banking trojans, crypto scams, and extreme or explicit pop-ups
  • Finding content was more challenging than ever as fans were bounced around the web

Research from Opentext Security Solutions, a market leader in cyber resilience, has revealed the extent to which consumers are being exposed to fraud, dangerous scams and explicit content on illegal sports streaming sites.

Analysis of 50 popular sites uncovered that every single one contained malicious content, while over 40% of them did not have the necessary security certificate. As well as users being exposed to fraud and dangerous scams, the research revealed that explicit and extreme pop-ups bombarded visitors to the sites.

With a huge weekend of TV approaching, including Anthony Joshua’s latest fight, the launch of House of the Dragon, and Man Utd vs Liverpool in the Premier League, viewers could be tempted to stream illegally. However, they could also be exposing themselves to a whole range of dangerous material, designed to part them from their personal information and ultimately their cash. Some users may pay to access illegal streams, effectively handing over their personal information, and their money, to criminals.

One of the most dangerous threats widely found on illegal streaming sites was banking trojans. By simply clicking on an ‘unmute’ button on one site, users unwittingly download a piece of software that hackers use to access banking details and personal information. Users didn’t even have to enter any information – one click was enough to do the damage.

Since last year’s study, the types of pop-ups and scams aimed at users have also changed. Previously, Bitcoin scams were being used to target users, but this year there has been a notable absence of these, with other crypto currencies and investment platforms being used to lure unsuspecting consumers.

This year’s research also found numerous examples of explicit content being hosted or linked to on illegal streaming sites. This explicit content was extreme and a real risk to families who might share devices with children in their households.

It was also apparent that it is increasingly difficult to actually find watchable content, as users are bounced around numerous dodgy sites, without every actually finding what they are looking for.

Kieron Sharp, CEO at FACT: “It’s clear from this report that users of illicit streaming services are putting themselves and their families at risk of serious harm. Viewing content illegally puts users’ data at significant risk from hackers and organised criminals and, worryingly, exposes children to explicit content. To protect our children as well as our data, audiences must watch content only through the legal providers.”

Kelvin Murray, Senior Threat Researcher at Opentext Security Solutions: “These illegal streaming sites are often run by criminal enterprises to gain users’ personal data and sell them on. There is no safe way to use them without putting yourself at risk. As the people who run these sites become savvier, the scams that they employ to trick users into giving up their data will be harder to spot. Therefore, we recommend avoiding these types of websites and not putting yourself in danger.”

Five additional threats to watch out for

Bitcoin and crypto scams

  • Targeted and localised Bitcoin scams promising riches and asking users for banking details.
  • Convincing ads and websites that link directly to fake new sites with local celebrities and politicians.

Mobile apps scams

  • Links to fake mobile apps with privacy issues and useless in-app purchases ranging from £2.09 – £114.99
  • Apps that push notifications for junk and that scam their users
  • Mobile apps can also be installed on PCs and laptop devices and difficult to remove.

 Hi-jacked search results

  • Hi-jacking browsers allows cybercriminals to switch users’ default browser and take over their browser notifications. This means different search results are served up or users can be spammed with junk notifications and explicit content.
  • Even if users shut down their laptops the changes will remain.


  • A type of malware mobile application that come with hidden, excessive subscription fees.
  • On streaming sites these are often in the form of fake virus “scans” that push users to download antivirus software. The software looks legitimate but provides no protection.

Notification hi-jacking

  • Users looking to watch a stream are tricked into allowing notifications which bombard users with explicit and extreme content as well as scams and links to other malicious sites


  • Machine learning assisted searches identified active domains with dictionary terms relating to illegal streaming and piracy behaviour
  • Domains determined to be malicious were flagged and provided in human readable format
  • Human statistical analysis was completed on the results with the explicit aim to identify patterns and emerging trends.
  • Per standard practice, malicious domain names have been obfuscated.
  • Monitoring took place from the 30th April – 8th May 2022

 Data used:

  • Domains displaying an extremely high certainty of malicious activity or content.
  • Domains containing dictionary terms relating to typical streaming phrases and terminology common in US & UK English language.

Data excluded:

  • Domains detected by Webroot BrightCloud Threat Intelligence as benign.

18th August 2022 – London

About OpenText
OpenText, The Information Company™, enables organizations to gain insight through market leading information management solutions, powered by OpenText Cloud Editions. For more information about OpenText (NASDAQ: OTEX, TSX: OTEX) visit opentext.com

Illegal streaming costs you more than you think.  Find out how here Illegal Streaming Costs More Than You Think | FACT (fact-uk.org.uk)



Share This Story, Choose Your Platform!