Connect with us

Hi, what are you looking for?

HEADLINES

Malware that steals credentials and credit card details abuses biggest new games

In attempts to download new games from untrustworthy resources for free, players actually received malicious software, losing their gaming accounts and even money. These and other findings are part of the gaming-related threats report issued by Kaspersky. 

In the first half of 2022, Kaspersky researchers detected increased activity of cybercriminals abusing gamers. The number of users attacked by malicious software, which gathers sensitive data and spreads under the guise of some of the most popular gaming titles, has increased by 13% compared to the first half of 2021. 

In attempts to download new games from untrustworthy resources for free, players actually received malicious software, losing their gaming accounts and even money. These and other findings are part of the gaming-related threats report issued by Kaspersky. 

To assess the current landscape in gaming risks, Kaspersky experts observed the most popular PC and mobile games-related threats. Overall, between 1 July 2021 and 30 June  2022, Kaspersky security solutions detected more than 384,000 users affected by almost 92,000 malicious or unwanted unique files that mimicked 28 games or series of games.

In addition to the large number of downloaders that are able to install other unwanted programs, and adware, Kaspersky researchers even detected Trojan-Spies – a category of spyware capable of tracking any data entered on the keyboard and taking screenshots.

Advertisement. Scroll to continue reading.

The research also revealed a growth in attacks made with malicious software that steals sensitive data from infected devices. It included Trojan-PSW, which gathers victims’ credentials, Trojan-Banker, that steals payment data, and Trojan-GameThief, which collects login information for gaming accounts. 

From July 1st, 2021 to June 30th, 2022 Kaspersky security solutions detected a total of 3,705 unique files distributing this malicious software under the guise of popular games or series of games. In the first half of 2022, Kaspersky researchers observed a 13 percent increase in the number of users attacked with it in comparison to the first half of 2021. The number of such unique files used to infect users also increased in the first half of 2022 by nearly a quarter, compared to the same period in 2021: 1,868 and 1,530 files, respectively.

Most often, users receive malicious files when they try to download games not from official sites, but from third-party webpages. This is especially true if a new game is quite expensive and the player wants to save money by finding a copy for free on untrustworthy sites. However, they will lose much more than if they had bought a legitimate version. For example, many malicious files steal login information for gaming accounts, banking details and even crypto wallet data by infecting devices.

Attackers purposely seek to spread threats under the guise of games that either have a huge captive audience or that have only recently been released and are constantly on gamers’ radars. Well-known games such as Roblox, FIFA or Minecraft, for example, as well as the new parts of big series of games, released during the last year – Elden Ring, Halo, and Resident Evil – were actively abused by attackers who spread RedLine malware under their guise.

RedLine is password-stealing software, which extracts sensitive data from the victim’s device such as passwords, saved bank card details, cryptocurrency wallets, and credentials for VPN services. 

Advertisement. Scroll to continue reading.

From July 1, 2021 to June 30, 2022 Kaspersky solutions detected 2,362 unique users attacked with RedLine, spread under the guise of popular games, which makes it the most active threat family for the period given. Redline is usually sold for a very low price on various hacker forums, therefore, it has huge popularity among cybercriminals.

In addition to spreading malicious files, attackers continue to actively create and spread new phishing pages in the gaming sphere. For the first time Kaspersky experts discovered a new scheme of phishers attacking gamers. Mimicking the whole interface of in-game stores for CS:GO, PUBG and Warface, scammers create fraudulent pages, offering potential victims a decent arsenal of various weapons and artifacts for free. 

To receive the gift, players need to enter login data for their social network accounts, such as Facebook or Twitter. After taking over accounts, attackers are likely to search through personal messages for card details, or ask various friends of the victim for money, preying on their trust and carelessness.

https://lh6.googleusercontent.com/IzIVXFoTvAw8K7rdyTnhPlEi8Y9D60aeSk2Ox-rsiaCpfGkt4EeNgIAxHNV99GZfl7bhclATDMrmZ6wPIy5wgJoE496s2nBkqu3QgEk1Npc62ujcrWKhjPoeQXu82FEjF3f7Z88N5K56rnvbkwmVFIs

Scammers create fake in-game store mimicking the PUBG mobile interface. The scheme encourages users to log in using their social media credentials

“During the pandemic the gaming industry was greatly boosted, increasing the number of gaming fans several times over. As we can see, cybercriminals are actively abusing this trend, creating more and more new schemes and tools to attack players and steal their credit card data and even game accounts, which can contain expensive skins that can later be sold. We expect to see new types of attacks on gamers in the next year. For example, strikes on Esports, which are now gaining huge popularity around the world. That’s why it’s so important to always be protected, so you don’t lose your money, credentials, and gaming account,” comments Anton V. Ivanov, senior security researcher at Kaspersky.

Read about other gaming-related threats in 2022 in the full report on Securelist.

Advertisement. Scroll to continue reading.

To stay safe while gaming, Kaspersky recommends:

  • It is safer to download your games from official stores like Steam, Apple App Store, Google Play or Amazon Appstore only. Games from these markets are not 100 % secure, but they at least are checked by store representatives and there is some kind of screening system: not every app can get into these stores.
  • If you wish to buy a game that is not available through major stores, purchase them from the official website only. Double-check the URL of the website and make sure it is authentic.
  • Beware of phishing campaigns and unfamiliar gamers. Do not open links received by email or in a game chat unless you trust the sender. Do not open files you get from strangers.
  • Do not download pirated software or any other illegal content, even if you are redirected to it from a legitimate website.
  • A strong, reliable security solution will be a great help to you, especially if it will not slow down your computer while you are playing, but at the same time, it will protect you from all possible cyberthreats. For example, Kaspersky Total Security works smoothly with Steam and other gaming services.
  • Use a robust security solution to protect yourself from malicious software and its activity on mobile devices, such as Kaspersky Internet Security for Android.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

HEADLINES

Yondu launched an extensive, month-long cybersecurity awareness campaign focused on modern threat detection, incident response, and social engineering defense.

ELECTRONICS

Philips EasyKey partnered with Megaworld and equipped their world-class properties with only the best-in-class smart locks we have on offer, the Philips EasyKey 9300.

HEADLINES

The PLDT wireless unit is also calling on customers to report these messages to Smart’s HULISCAM portal for further action.

HEADLINES

Here are some tips from Sophos for staying secure online during the cybersecurity awareness month.

HEADLINES

While only 21% of hackers believed that AI technologies enhance the value of hacking in 2023, 71% reported it to have value in 2024....

Advertisement