Threat actors are proactively targeting the 2026 FIFA World Cup ecosystem, employing mobile-first malware, QR-code phishing against event organizers, and real-time AiTM phishing kits to bypass MFA. The campaigns leverage AI-generated infrastructure and urgency-based lures to distribute Android cryptominers, Windows infostealers, and compromise corporate Google Workspace accounts.