Newsroom News Breaking Comics Tags RSS
News hardware & software 31 August 2021, 13:41

author: GRG

5.8 Million Hacking Attacks on GTA 5, Minecraft and The Sims 4 Players

Kaspersky has stopped 5.8 million malware attacks on users of bootleg versions of GTA 5, Minecraft, The Sims 4 and other games.

Kaspersky released a comprehensive report on gaming threats during the COVID-19 pandemic. The company examined how malware was distributed, which game titles were most frequently used by cybercriminals and what types of threats were prevalent. The period from January 2020 to June 2021 was analyzed. Kaspersky stopped more than 5.8 million malware attacks during that time. The most popular PC titles used to spread malware are, in order: Minecraft, The Sims 4, PUBG, Fortnite and Grand Theft Auto V. For mobile devices they are: Minecraft, PUBG and Among Us. Kaspersky's methodology is based on the analysis of telemetry data provided by users using the company's products.

5.8 Million Hacking Attacks on GTA 5, Minecraft and The Sims 4 Players - picture #1
Top 10 games used for malware distribution by number of attacked users / Source: Kaspersky

The main mechanisms of malware distribution are not new, but the specific conditions of the pandemic have significantly increased the dynamics of this phenomenon. Gamers not only search the Internet to get the aforementioned games for free - mods, add-ons, skins, crates and other content related for specific games are also extremely popular. According to Kaspersky's report, the biggest increase in the number of users downloading malware in the form of games was during lockdown periods in many countries.

5.8 Million Hacking Attacks on GTA 5, Minecraft and The Sims 4 Players - picture #2
Users downloading malware in the form of a game / Source: Kaspersky

The report describes, among other things, the discovery of a network of affiliate websites offering illegal software where full versions of games could be downloaded. Users unknowingly installed software called Swarez Dropper on their computers, collecting data from web browsers, crypto wallets and other apps. The Swarez Dropper malware affected residents of 45 countries. Interestingly, they downloaded and installed this type of malware not only in the form of video games, but even as anti-malware applications.

5.8 Million Hacking Attacks on GTA 5, Minecraft and The Sims 4 Players - picture #3
Threats detected in downloaded games / Source: Kaspersky

As you can see, the vast majority of threats detected by Kaspersky software involved the "not-a-virus:Downloader" variant. This in itself is not a direct threat and is often referred to as a false positive by anti-virus programs; it is often an installer that downloads up to date files from a server. However, it can be used to spread various types of threats, especially in the form of an installer for e.g. a popular game. It is worth mentioning the so-called Miners, software that mines cryptocurrencies on the victim's computer, running in the background. Often the only symptom is increased power consumption or louder fan operation.

The situation looks interesting in the case of mobile devices. Here, the undisputed leader in popularity is Minecraft. Players download infected full versions of the game and fake modpacks, and the Google Play store is full of suspicious applications that use the brand.

5.8 Million Hacking Attacks on GTA 5, Minecraft and The Sims 4 Players - picture #4
Top 10 mobile games used for malware distribution by number of users / Source: Kaspersky

The vast majority of malware on mobile devices consists of various types of unwanted and intrusive ads (Adware - 95.75%). The remaining few percent are trojans of various types.

A separate category of threats identified in the report is phishing, or fraud based on impersonation. Kaspersky doesn't provide stats in this case, just an indication of the problem. These include online currency generators for specific games, free chests, alleged contests with valuable skins for CS:GO, free points for FIFA 21, items for Pokemon GO, and so on. In return, the player must download and run the generator (which is a virus) on their hardware, transfer a small amount of money or provide login information in the game in a special form. Scammers create websites that offer to level up characters in MMO games, phish and steal accounts on Steam, Twitch and other platforms. The list is really long. Phishing websites imitating official websites, where logins, passwords and credit card data are phished for, have become a scourge. An average user is usually unable to distinguish such websites from the originals in terms of graphic layout. A good example of this is the fake Discord Nitro page shown in the screenshot below.

5.8 Million Hacking Attacks on GTA 5, Minecraft and The Sims 4 Players - picture #5
Fake website with Discord Nitro promotion / Source: Kaspersky

Scammers are often careless in creating large numbers of such pages, and a careful user can spot odd-looking language errors. Another example of phishing are profiles on Steam offering game swaps or free content (skins, lootboxes). Scammers use this method to obtain game keys and accounts.

Sample profile of a scammer on Steam / Source: Kaspersky

How can we protect ourselves from such threats? First of all, we need to use common sense and follow the basic rules. Kaspersky specialists recommend the following:

  • Use two-factor authentication wherever possible;
  • Use strong passwords, different for each account;
  • Use anti-virus software;
  • Don't click on email or chat links without making sure they're safe;
  • Check website addresses carefully before giving out your details;
  • Keep your software up to date;
  • Only download software from legitimate sources;
  • Don't install anything from suspicious websites.