Premier League fantasy football website infected with malicious adverts

Visitors to the popular fantasy football website could have been affected if they clicked on a fake yacht advert, researchers say

The Premier League's official fantasy football game is used by 3m people

The Premier League's official fantasy football website carried malicious advertising that could have been used to infect visitors' computers, researchers have claimed.

A Flash-based advert purportedly for a yacht seller redirected to a website hosting a malicious tool that can exploit software vulnerabilities, security company Malwarebytes said.

Malwarebytes found the advert on fantasy.premierleague.com, the Premier League's official fantasy football game with more than 3m players.

The website carries many of the display adverts that are common across the web, but one illegitimate actor managed to infiltrate the site by disguising its destination.

If visitors clicked on the advert, titled they would be sent through to a landing page for a "Nuclear exploit kit", which uses exploits in Flash to detect vulnerabilities in a user's web browser or operating system. According to Heimdal Security, it can use "Flash, Silverlight, PDF, and Internet Explorer exploits to the possibility of launching advanced pieces of malware and ransomware".


Most users will have been protected from any vulnerabilities if they had updated their software to the latest versions.

While the URLs of malicious sites are often blacklisted by advertising platforms, Malwarebytes said the fake advertisers disguised the final location by using Google's goo.gl URL shortener. Since these links belong to Google, they can't be blacklisted at the domain name level.

It was also distributed over HTTPS, an encrypted communication protocol, and the internet address of the provider that hosted the exploit kit was hidden with CloudFlare, a company that can hide addresses behind their own.
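The shortener problem described above, as an added example that is not from Malwarebytes or the article: a domain-level check on the advert's click URL sees only goo.gl, while a check that follows the redirect chain tests every hop. The blocklist, the `.example` hosts, the goo.gl paths and the redirect table are constructed placeholders standing in for what an ad-vetting crawler would record.

```python
from urllib.parse import urlsplit

# Constructed sample data: .example hosts and goo.gl paths are placeholders,
# not indicators from the article.
BLOCKED_HOSTS = {"exploit-landing.example"}

# Stands in for the HTTP redirects an ad-vetting crawler would record.
REDIRECTS = {
    "https://goo.gl/EXAMPLE1": "https://yacht-ads.example/offer",
    "https://yacht-ads.example/offer": "https://exploit-landing.example/gate",
    "https://goo.gl/EXAMPLE2": "https://boats.example/catalogue",
    "https://goo.gl/LOOP1": "https://goo.gl/LOOP2",
    "https://goo.gl/LOOP2": "https://goo.gl/LOOP1",
}
MAX_HOPS = 5


def host(url):
    """Lower-cased hostname of a URL ('' if it has none)."""
    return (urlsplit(url).hostname or "").lower()


def first_hop_verdict(url):
    """Domain-level check on the advert's click URL only."""
    return "block" if host(url) in BLOCKED_HOSTS else "allow"


def vet_click_url(url, redirects=REDIRECTS):
    """Follow the chain and check every hop; return (verdict, chain)."""
    chain = [url]
    while True:
        if host(chain[-1]) in BLOCKED_HOSTS:
            return "block", chain
        nxt = redirects.get(chain[-1])
        if nxt is None:
            return "allow", chain      # final destination reached, nothing listed
        if nxt in chain or len(chain) > MAX_HOPS:
            return "review", chain     # loop or overly long chain: hold for a human
        chain.append(nxt)


if __name__ == "__main__":
    for u in ("https://goo.gl/EXAMPLE1", "https://goo.gl/EXAMPLE2", "https://goo.gl/LOOP1"):
        print(u, first_hop_verdict(u), *vet_click_url(u))
```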

Malwarebytes said it had alerted Google about the URL and the Premier League about the advert.

A Premier League spokesman said: "We are looking into this and have asked the agency which sells our advertising space to make sure this advert is not appearing on our website anywhere in the world."
