Cybercriminals are increasingly abusing gamers. Globally, the number of users attacked by malware, which collects sensitive data and spreads under the guise of some of the most popular gaming titles, increased by 13% compared to the first half of 2021, according to a Kaspersky study. And players from South Africa and Kenya are prime targets
By attempting to download new games for free from untrustworthy resources, gamers got malware instead, losing their game accounts and even funds. These and other findings are part of a report on gaming threats published by Kaspersky.
To assess the current gaming risk landscape, Kaspersky experts looked at the most common PC and mobile gaming threats. Globally, in the year from July 1, 2021 to June 30, 2022, Kaspersky security solutions detected more than 384,000 users affected by nearly 92,000 unique malicious or unwanted files, which mimicked 28 games or series games.
During the same period, in South Africa, 1,561 unique users were affected by 1,268 malicious and unwanted files. In Kenya, 1,159 unique users were affected by 968 malicious and unwanted files.
In addition to the large number of downloaders capable of installing other unwanted programs and adware, Kaspersky researchers have detected Trojan-Spies – a category of spyware capable of tracking all data entered on the keyboard and taking screenshots screen.
Most often, users receive malicious files when they try to download games not from official sites, but from third party web pages. This is especially true if a new game is quite expensive and the player wants to save money by finding a free copy on unreliable sites. However, they will lose a lot more than if they bought a legit version. For example, many malicious files steal login credentials for gaming accounts, banking details, and even crypto wallet data, infecting devices.
Attackers deliberately seek to spread threats under the guise of games that either have huge captive audiences or have only recently been released and are constantly on gamers’ radars. Well-known games such as Roblox, FIFA or Minecraft, for example, as well as new parts of major game series, released in the last year – Elden Ring, Halo and Resident Evil – have been actively abused by attackers who have spread RedLine malware under their guise.
RedLine is password stealing software, which extracts sensitive data from the victim’s device, such as passwords, saved bank card details, cryptocurrency wallets and credentials for VPN services. Overall over the year, Kaspersky’s solutions detected 2,362 unique users attacked with RedLine, distributed under the guise of popular games, making it the most active threat family for the given period. Redline is usually sold at a very low price on various hacker forums, so it has huge popularity among cyber criminals.
In addition to spreading malicious files, attackers continue to actively create and spread new gaming phishing pages. For the first time, Kaspersky experts have discovered a new phishing scheme attacking gamers. Mimicking the entire interface of in-game stores for CS:GO, PUBG, and Warface, scammers create scam pages, offering potential victims a decent arsenal of various weapons and artifacts for free. To receive the gift, players must enter the login details of their social media accounts, such as Facebook or Twitter. After taking control of the accounts, attackers are likely to search personal messages for card details or demand money from various friends of the victim, taking advantage of their trust and carelessness.
“During the pandemic, the gaming industry was given a huge boost, multiplying the number of gaming fans,” says Anton Ivanov, senior security researcher at Kaspersky. “As we can see, cybercriminals are actively abusing this trend, creating more and more new schemes and tools to attack gamers and steal their credit card data and even game accounts, which may contain expensive skins. which can then be sold. We expect to see new types of player attacks next year. For example, the esports strikes, which are now gaining popularity around the world. That’s why it’s so important to always be protected, so you don’t lose your money, credentials, and gaming account.”
Find out more gambling threats in 2022 in the full report on Safe List.
To stay safe while gaming, Kaspersky recommends:
- It is safer to download your games from official stores like Steam, Apple App Store, Google Play or Amazon Appstore only. The games in these marketplaces are not 100% secure, but at least they are verified by store representatives and there is some kind of filtering system: not all apps can enter these stores.
- If you want to buy a game that is not available in major stores, buy it only from the official website. Check the website URL and make sure it is genuine.
Beware of phishing campaigns and unknown players. Do not open links received via email or game chat unless you trust the sender. Do not open files you receive from strangers.
- Do not download pirated software or any other illegal content, even if you are redirected to it from a legitimate website.
- A solid and reliable security solution will be of great help to you, especially if it will not slow down your computer while you play, but at the same time, it will protect you from all possible cyber threats. For instance,Kaspersky Total Security works smoothly with Steam and other gaming services.
- Use a robust security solution to protect yourself from malware and its activity on mobile devices, such as Kaspersky Internet Security for Android.