Fake ads promising free FIFA World Cup streaming have drained Rs 7.5 million from Nepali football fans in under two weeks, according to reported incidents. The scam works through fraudulent promotions that lure users into downloading malicious apps, which then hand hackers control over their phones and bank accounts.
The mechanics are straightforward and deliberate. Scammers place ads, likely across social media and messaging platforms, that promise free broadcasts of FIFA World Cup matches. Fans click through, download what appears to be a streaming app, and unknowingly install malware. Once installed, the software can access banking credentials, one-time passwords, and personal data stored on the device.
This type of attack relies on a trojanised app: software disguised as something useful that secretly grants the attacker remote access. The victim sees a football stream or a loading screen while the app silently works in the background, reading messages, capturing keystrokes, or directly accessing mobile banking apps.
Why This Works So Well
Major sporting events are a proven hunting ground for this kind of fraud. Demand for free or cheap streams is high, official broadcast rights are expensive and geographically restricted, and fans are often in a hurry to watch a match. That combination lowers caution and raises click-through rates on malicious links.
Nepal has seen rapid growth in mobile banking and digital wallets over the past several years, which increases the reward for attackers who gain access to a device. A single compromised phone can expose multiple payment apps, saved card details, and bank login credentials simultaneously. The Rs 7.5 million figure across less than two weeks suggests either a large number of victims, high individual losses, or both.
The speed of the losses, under a fortnight, points to an organised operation rather than isolated incidents. Coordinated scam campaigns of this type typically run hard during peak event windows, then shut down or migrate before authorities can respond effectively.
What Victims and Potential Targets Should Know
Anyone who has downloaded an app through an ad promising free World Cup streaming in this period should treat their device as potentially compromised. The practical steps are to immediately change banking passwords from a separate, clean device, alert their bank or mobile wallet provider, and if possible, do a full factory reset of the affected phone after backing up essential data.
For those who have not yet been affected, the core rule is simple: do not download streaming apps from ad links, social media posts, or messaging forwards. Legitimate broadcast platforms are distributed through official app stores and verified websites. If a free stream sounds too convenient, it is almost certainly a delivery mechanism for malware.
Nepali cybercrime authorities and banks can be expected to issue formal advisories, though the speed at which these campaigns move often means financial damage is already done before warnings reach a wide audience. Anyone with information about the scam or who has suffered losses should file a complaint with Nepal Police's cyber bureau as quickly as possible, since early reports help investigators trace payment flows before funds are moved further.
The broader pattern here is not unique to Nepal. Similar scams ran during the 2022 FIFA World Cup, major cricket tournaments, and the Olympics across South and Southeast Asia. The combination of high-interest events, aggressive social media advertising, and growing mobile payment adoption creates a repeating opportunity for organised fraud groups. Fans in Nepal and elsewhere should treat any unsolicited offer of free sports streaming as a threat until proven otherwise.