World Cup 2026: The dark side of free Streaming

For several days, warnings have been circulating on social media about unofficial streaming apps used to watch World Cup matches. The issue has gained such traction that Bank Al-Maghrib has asked banks to raise awareness among their customers about the cybercrime risks associated with these platforms. Here is what you need to know.

Par

To watch the 2026 World Cup without paying for a subscription, thousands of Moroccans have turned to unofficial streaming apps. But behind the promise of free access lies a range of serious cybersecurity risks. Concerned by a rise in fraud attempts linked to the tournament, Bank Al-Maghrib (BAM) has recently instructed banks to warn their customers about the growing threat.

Since the start of the competition, warning messages have spread rapidly across social media. On Facebook, WhatsApp, and Telegram, users have been sharing alerts, personal accounts, and advice about apps that offer free access to matches. Among them, Yacine TV is one of the most frequently mentioned.

Popular across several Arab and African countries, Yacine TV offers free access to pay-TV channels broadcasting sports competitions, among other content. It operates by illegally streaming content protected by audiovisual rights, making it unlawful in many countries. Because it is unavailable through official app stores, users typically download it from third-party websites, a practice that significantly increases security risks.

A viral testimonial

A few days before the tournament began, a voice message widely shared on WhatsApp helped fuel public concern. In the recording, a man claims that someone attempting to watch a match through a streaming app was prompted to install an update. After clicking a link and granting certain permissions on the phone, the device reportedly began malfunctioning.

According to the account, several bank transfers totaling more than 30,000 dirhams were then made without the user’s knowledge. The message, which quickly went viral, also claims that several victims have filed complaints over similar incidents.

However, it has not been possible to independently verify the exact circumstances of the alleged incident or determine the precise role played by the app in question. Nevertheless, the story has reinforced growing mistrust of unofficial streaming platforms.

Although the central bank does not identify any specific application, it does acknowledge an increase in cyber threats linked to the World Cup.

The BAM alert

In a memo sent to banking institutions on June 15, Bank Al-Maghrib warned of “an international resurgence of cybercrime campaigns exploiting public interest in this sporting event.”

The institution specifically cites the “distribution of malware via fake apps or platforms streaming the matches  as well as phishing campaigns designed to obtain users’ “login credentials and banking information.”

BAM has therefore instructed banks to remind customers “ to exercise caution before installing any app related to match broadcasts”  to avoid clicking on links received via text message, email, or social media, and to verify the authenticity of websites before entering personal or banking information. Such intervention by the central bank is rare and reflects the authorities’ level of concern over these practices.

Pirated app or fake clone?

On social media, several IT specialists have urged users to distinguish between illegal streaming itself and the malware that often circulates within that ecosystem. A Casablanca-based electronics retailer explained on Facebook that “the original app is known for not requesting dangerous permissions” such as access to text messages or a phone’s accessibility settings.

According to him, the real danger comes from the many counterfeit versions circulating under similar names, or from apps downloaded from unreliable websites where users unknowingly grant excessive permissions.

“The problem generally doesn’t stem from Yacine TV itself, but rather from counterfeit versions or other malicious apps downloaded from unknown websites he writes.

He also noted that modern banking apps incorporate multiple layers of protection, including strong authentication and security alerts. Fraud typically results from a combination of factors, including malware installation, the inadvertent disclosure of sensitive information, or the authorization of fraudulent transactions.

Cybersecurity experts regularly report spikes in phishing campaigns during major international sporting events. Cybercriminals exploit public excitement by distributing fake apps, fraudulent streaming websites, and deceptive promotional offers tied to the competitions.

The method is straightforward: entice users with the promise of free access to matches, then steal personal data, install spyware, or redirect victims to fraudulent platforms. Illegal streaming apps are particularly attractive vehicles for these attacks. Because they bypass official distribution channels, they often require users to disable certain security protections on their devices or download files from unknown sources.

Toward tighter legislation

This controversy comes as  Morocco prepares to strengthen its legal arsenal against audiovisual piracy. Recently adopted by the Council of Government, Bill No. 013.26 amending Law 2.00 on copyright and related rights aims to adapt the legal framework to the new realities of the digital age.

Among its key provisions, the bill broadens the definition of piracy to explicitly include the illegal transmission of sporting events, which the authorities describe as  “direct infringement of exploitation rights and a threat to investment efforts in the audiovisual sector.”

In the bill’s explanatory memorandum, the government stresses that the issue has taken on added importance as the Kingdom prepares to host major international sporting events, chief among them the 2030 World Cup. Beyond the question of audiovisual rights, the 2026 World Cup has also brought another reality into sharp focus: when it comes to illegal streaming, the true cost is not always the one users believe they are avoiding.

Written in French by Ghita Ismaili, edited in English by Amina Kadiri 

à lire aussi