"Why motorsports? Because things are moving fast and when things are moving fast, people make mistakes," said Bogdan Botezatu, senior director of threat research at Bitdefender.
Bitdefender’s yearlong Grand Prix analysis
Bitdefender's Cybersecurity Grand Prix Fan Threat Index is the result of a yearlong project that analyzed the cybercriminal landscape around Formula 1 weekends. The company presented its findings at Maranello, Italy, where Bitdefender—identified in the report as the official cybersecurity partner of the Scuderia Ferrari HP Formula 1 team—outlined how a growing global digital ecosystem around motorsport has become an attractive target for fraudsters.
The report frames the problem broadly: fans and Formula 1 teams now share attackers’ attention, and bad actors have constructed entire ecosystems devoted to monetizing that attention. Their objectives include stealing personal information and credit card details, generating illicit revenue, distributing malware and recruiting devices into botnets used for distributed denial-of-service (DDoS) attacks.
Fake F1 streaming apps and the Clickfix technique
One of the most common scams documented by Bitdefender targets fans looking to watch races without paying for official subscriptions. Fraudsters advertise applications on social media, Discord and Telegram that purport to provide free access to race broadcasts. Users are instructed to download and manually install APK files outside of official app stores.
The report names a specific social‑engineering approach used to bypass device protections: Clickfix. According to Bitdefender, apps obtained this way often deliver aggressive monetization—excessive advertising, forced redirects and pop-ups—and, in the worst cases, install infostealer malware designed to harvest usernames, passwords and banking information. Bitdefender also notes that some of the advertised apps do not actually show the race at all, leaving victims with malware or scams and no stream.
Bitdefender also warns about inexpensive third‑party streaming boxes. While such devices may appear to offer cost savings, the company reports they can arrive with malware pre‑installed, creating an immediate security risk for buyers.
Counterfeit merchandise and cloned stores advertised on social media
Another major category of fraud involves fake merchandise. Bitdefender documents that threat actors aggressively advertise heavily discounted motorsport goods on social media, often promising “80% discounts.” Those adverts direct fans to sham online shops that either ship low‑quality bootlegs or serve as phishing sites to harvest payment and personal data.
The report describes a repeatable pattern: threat actors skilled at cloning legitimate sites and leveraging social platforms to push traffic toward fake stores. In some instances buyers receive a poor counterfeit product; in others they provide sensitive information directly to criminals. Bitdefender’s advisory for fans is simple: be skeptical of offers that appear “too good to be true” and consider anti‑phishing or anti‑virus applications to reduce risk.
Device recruitment into botnets and the broader payoff
Beyond one‑off fraud and phishing, the report highlights a largescale operational payoff for attackers: recruiting fan devices into botnets. Bitdefender warns that motorsport fans can be duped into having their devices co-opted into "a notorious botnet of millions of devices used to carry out DDoS attacks." The utility of such botnets to criminal enterprises—by providing computing power for attacks or rental to other criminals—helps explain why threat actors invest in the ecosystems described elsewhere in the report.
In short, the business model described by Bitdefender combines social engineering, fake storefronts, malicious or misleading software installs and the resale of compromised devices or access—each element generating direct revenue or long‑term operational leverage for attackers.
What this means for fans, Formula 1 teams, and security teams
- Fans: The immediate risks are financial loss and identity theft from fake merchandise sites, and data compromise or device takeover from illegitimate streaming apps and compromised streaming boxes. Bitdefender urges caution around discounted offers and recommends anti‑phishing or anti‑virus tools.
- Formula 1 teams: The report notes teams are part of the threat landscape; high‑profile teams attract counterfeit merchandise scams and social media abuses. That creates reputational and customer‑trust risks when supporters are defrauded via counterfeit goods advertised under a team’s brand.
- Security teams and technologists: Bitdefender’s findings underline the need to monitor social channels, messaging platforms like Discord and Telegram, and third‑party marketplaces for cloned sites and malicious app distribution. The report’s identification of Clickfix and APK distribution highlights specific techniques defenders should watch for during race weekends.
Bitdefender’s research paints motorsport’s expanding digital ecosystem as both an opportunity for fans and a lure for criminals. Where speed and excitement compress attention spans, the company warns, opportunistic actors exploit haste and trust. For organizers, teams and supporters alike, the study’s specific examples—fake streaming apps advertised off‑platform, phony shops promising big discounts, and devices repurposed into botnets—offer clear warning signs that a quick deal or convenient stream can come with hidden costs.
Read the full report at the original story: https://www.infosecurity-magazine.com/news/how-fraudsters-target-f1-fans/




