Popular games under threat of credential-stealing malware


Kaspersky researchers observed that cybercriminals are abusing gamers more and more in the first half of 2022, in which the malicious activity has increased by 13% compared to the first half of 2021.

Malicious software involves gathering sensitive data that spreads online under the guise of several popular gaming titles. Those downloading new games from untrustworthy resources for free will get malicious software that could lose their gaming accounts and even money. 

The most popular platforms abused by cybercriminals to target players are those using PC and mobile. Overall, between July 1, 2021, and June 30, 2022, Kaspersky security solutions detected over 384,000 users affected by almost 92,000 malicious or unwanted unique files that mimicked 28 games or series of games.

Kaspersky researchers also detected Trojan-Spies, spyware capable of tracking any data entered on the keyboard and taking screenshots). They also revealed a growth in attacks made with malicious software that steals sensitive data from infected devices. It included Trojan-PSW, which gathers victims’ credentials, Trojan-Banker, which steals payment data, and Trojan-GameThief, which collects login information for gaming accounts. 

From July 1 to June 30, 2022, Kaspersky security solutions detected 3,705 unique files distributing this malicious software under the guise of popular games or series of games. Furthermore, in the first half of 2022, Kaspersky researchers observed a 13% increase in the number of users attacked with it compared to the first half of 2021.

The number of such unique files used to infect users also increased by nearly a quarter in the first half of 2022, compared to the same period in 2021: 1,868 and 1,530 files, respectively.

These threats happen more often when players try to download games not from official sites but from third-party webpages. This is especially true if a new game is expensive and the player wants to save money by finding a copy for free on untrustworthy sites. However, they will lose much more than if they had bought a legitimate version. For example, by infecting devices, many malicious files steal login information for gaming accounts, banking details, and even crypto wallet data.

For example, well-known games such as Roblox, FIFA, Minecraft, and the new parts of big series of games released during the last year – Elden Ring, Halo, and Resident Evil – were actively abused by attackers who spread RedLine malware under their guise. This password-stealing software can extract sensitive data from the victim’s device, such as passwords, bank card details, and cryptocurrency, for VPN services. The software is popular among cybercriminals as it is usually sold for a meager price on various hacker forums.

During the same period, Kaspersky detected 2,362 unique users attacked with RedLine, spread under the guise of popular games, which makes it the most active threat family for the period given. 

In addition to spreading malicious files, attackers continue to actively create and distribute new phishing pages in the gaming sphere. For the first time, Kaspersky experts discovered a new scheme of phishers attacking gamers. Mimicking the whole interface of in-game stores for CS: GO, PUBG, and Warface, scammers create fraudulent pages, offering potential victims a decent arsenal of various weapons and artifacts for free.

Scammers create fake in-game store mimicking the PUBG mobile interface. The scheme encourages users to log in using their social media credentials. (source: Kaspersky)

In exchange for exposing their credentials or user info by logging in to their social network accounts, they allegedly receive the gift. Attackers will then search through the victims’ personal messages for card details or ask various friends of the victim for money. 

“We expect to see new types of attacks on gamers in the next year. For example, strikes on Esports, are now gaining huge popularity around the world. That’s why it’s so important to always be protected, so you don’t lose your money, credentials, and gaming account,” commented Anton V. Ivanov, a senior security researcher at Kaspersky.

To stay safe while gaming, Kaspersky recommends:

  • Download your games from official stores like Steam, Apple App Store, Google Play, or Amazon Appstore. Games from these markets are not 100 % secure, but they at least are checked by store representatives, and there is some kind of screening system: not every app can get into these stores.
  • If you wish to buy a game that is not available through major stores, purchase them from the official website only. Double-check the URL of the website and make sure it is authentic.
  • Beware of phishing campaigns and unfamiliar gamers. Do not open links received by email or in a game chat unless you trust the sender. Likewise, do not open files you get from strangers.
  • Do not download pirated software or any other illegal content, even if you are redirected to it from a legitimate website.
  • A strong, reliable security solution will be a great help to you, especially if it will not slow down your computer while you are playing, but at the same time, it will protect you from all possible cyber threats. For example, Kaspersky Total Security works smoothly with Steam and other gaming services.
  • Use a robust security solution to protect yourself from malicious software and its activity on mobile devices, such as Kaspersky Internet Security for Android.

Read about other gaming-related threats in 2022 in the full report on Securelist.