GHOST STADIUM Phishing Campaign Targets FIFA World Cup Fans With 300+ Fake Domains

Researchers uncovered a coordinated, high-scale fraud operation (GHOST STADIUM) exploiting FIFA World Cup 2026 ticket demand: a React-based phishing kit clones FIFA’s SSO (using a real client_id) across 300+ domains and 3,500+ impersonating sites, while Vidar and Lumma infostealers harvest browser credentials and session tokens; the report provides extensive IoCs (domains, IPs, Meta Pixel IDs, payment gateways) and recommends monitoring, takedown, MFA, and user caution.