Hackers are using FIFA World Cup 2026 hype to infect football fans with Voidrift malware
Hackers are exploiting the excitement around the FIFA World Cup 2026 to spread sophisticated malware through personalized phishing emails that appear to offer exclusive merchandise. Researchers say the campaign delivers Voidrift malware and has successfully bypassed several widely used email security platforms.

Harry Kane of England celebrates with team mates. Richard Sellers/Sportsphoto/Allstar/Getty.
Hackers are exploiting the excitement around the FIFA World Cup 2026 to spread sophisticated malware through personalized phishing emails that appear to offer exclusive merchandise. Researchers say the campaign delivers Voidrift malware and has successfully bypassed several widely used email security platforms.
- Hackers are using FIFA World Cup 2026-themed phishing emails to deliver Voidrift malware to victims. The campaign targets football fans and employees through fake merchandise offers.
- The emails impersonate FIFA promotions and claim exclusive t-shirts linked to victims’ employers. Victims are tricked into downloading a sign-up form that installs malware.
- Cofense Intelligence says the campaign is highly targeted and uses personal details like names and company logos. It has bypassed major email security systems including Cisco, Microsoft, and Abnormal Security.
- The malware allows attackers to access corporate networks, steal sensitive data, and spy on organizations. Researchers warn the campaign poses a serious business and cybersecurity risk.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.
Cybersecurity firm Cofense Intelligence has identified an active phishing campaign around the FIFA World Cup 2026 to deliver sophisticated malware known as Voidrift.
According to security researchers, the scam campaign begins with a simple email that claims to offer exclusive World Cup t-shirts through a fabricated FIFA partnership with the victim’s employer.
People interested in these shirts are asked to download a sign-up form. Instead, malicious software called Voidrift is downloaded and installed, allowing attackers to gain initial access to the victim’s corporate network. Once established, they exfiltrate business data, spy on corporate activities, or compromise sensitive company accounts.
What makes this campaign so dangerous is that each email is tailored to the recipient’s name and the company they work for, and each shirt has the company’s logo embedded.
On top of that, the campaign has successfully bypassed three widely deployed secure email gateways: Cisco IronPort, Microsoft ATP, and Abnormal Security. This means that traditional email security controls can’t be relied on to stop this campaign.
“The combination of convincing social engineering, targeted personalization, proven gateway evasion, and a stealthy payload makes this a high-priority threat warranting immediate attention,” Cofense Intelligence says.
The best way to avoid Voidrift from being installed is not so much by trusting automated email security solutions, but rather for workers to pay close attention and report the phishing campaign.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
Ever since the FIFA World Cup 2026 began, multiple sophisticated fraud campaigns have been launched.
In May, a few weeks before the sporting event began, Group-IB researchers uncovered 6 fraud schemes, 4 independent threat actors, and over 4,300 fraudulent domains impersonating FIFA's official web presence.
Recently, the US Department of Justice seized approximately 400 domains illegally streaming FIFA World Cup 2026 matches.
Unlock more exclusive Cybernews content on YouTube.