A large cyber fraud operation targeting IPL fans has revealed how organised criminal networks are exploiting demand for match tickets and free streaming access through fake booking portals, malicious websites and sophisticated digital infrastructure.
A recent investigation by a security researcher identified more than 600 fraudulent domains posing as IPL ticket booking platforms and over 400 fake streaming websites during the season. The findings indicate that the operation was highly organised, using professional designs and tactics that closely resembled legitimate online services.
According to reports, the fake websites imitated popular ticketing platforms such as BookMyShow and District by Zomato. They featured convincing user interfaces, payment gateways, automated ticket generation systems and fabricated customer reviews. Fans searching for match tickets or live streams were reportedly directed to these websites through Google advertisements, Facebook posts, Telegram channels and Instagram reels.
Investigators found that the fraudulent domains were also boosted through aggressive search engine optimisation, allowing them to appear alongside legitimate platforms in search results.
Once users entered the sites, the experience appeared genuine. Visitors could select seats, submit personal information, complete payments through UPI or QR codes and receive PDF tickets containing fake booking references and non-functional QR codes.
In many cases, victims only discovered the fraud upon arriving at stadiums, often just hours before a match when genuine tickets were no longer available. Investigators noted that the scam successfully exploited urgency, excitement and the fear of missing out among cricket fans.
The investigation also revealed that several fake streaming websites were being used to distribute malware. Researchers reported that users clicking on streaming links could trigger redirects that deployed SHub Stealer, an infostealer designed to harvest browser credentials, stored payment information, Apple Keychain data, Telegram sessions, cryptocurrency wallet credentials and system information from both Windows and macOS devices.
Researchers highlighted advanced macOS targeting methods, where websites used browser detection scripts to identify operating systems before redirecting users to fake Apple security update pages or GitHub installer links. Victims were allegedly instructed to paste commands into Terminal, leading to malware installation capable of extracting data for extended periods before detection.
Investigators also gained access to the administrative panel of one fraudulent ticketing operation, uncovering backend systems designed to collect victim information, manage payments and automate fraud processes. The report described the operation as industrial-scale digital fraud built using techniques commonly found in legitimate e-commerce platforms.
The findings emerged alongside other major cybercrime activity, including claims by the Incransom ransomware group that it had breached Silergy Corp and stolen more than 450GB of sensitive data. Researchers said the overlap highlights how cybercriminal networks are simultaneously targeting both consumers and enterprises through multiple attack channels.
The investigation concluded that while endpoint security tools can help detect threats, user awareness remains critical. Researchers advised users to avoid purchasing tickets through social media links or search advertisements, access official websites directly through browsers and use only licensed streaming platforms. The report warned that similar fraud infrastructure is likely to reappear around future high-demand events.


