Cheats and mods contain malware used to attack gamers

Cisco Talos experts warned this week that cheats and mods for popular games tend to contain malware and pose a threat to players. According to the researchers, they have discovered a number of new campaigns aimed at gamers (affected games are not specified).

Most often, attackers use social networks and YouTube modding tutorials to distribute and advertise their malicious gaming tools. As a rule, small tools such as game patches, tweaks or mods are advertised this way, with malware hidden behind them.

In particular, this method is used to spread the XtremeRAT (ExtRat) malware, a remote access Trojan (RAT) that has been used in targeted attacks since at least 2010. XtremeRAT allows its operators to retrieve documents from compromised systems, intercept keystrokes, take screenshots, record audio and video with webcams and microphones, interact directly with victims, and much more.

Experts point out that in this campaign, attackers use a sophisticated Visual Basic-based cryptor and shellcode to make analysis and detection more difficult and to obscure the final payload. In addition, droppers that have infiltrated gamers’ machines use process injection to inject malware into newly created processes. This also makes detection more difficult and allows the malware to hide the final payload from some defenses.

“While the work-from-home trend is unlikely to end anytime soon and there is an increase in the use of personal PCs to connect to corporate networks, this is a serious threat to corporate networks. Sometimes employees download modding tools or cheats from unreliable sources onto the same machine they use at work,” warns Cisco Talos.

Almost simultaneously with Cisco, a similar warning was issued by the gaming giant Activision. Research by game developers details how criminals hide malware inside cheats for Call of Duty: Warzone.

Activision's developers walk users step by step through how such cheats come about, using Cod Dropper v0.1 as the example: from a guide on hacker forums about distributing malware, to the development of the malicious cheat software itself, to its subsequent advertising on gaming forums and YouTube for distribution.

In essence, Activision warns users against installing any cheating software, even if no malware has yet been found in a particular tool. The fact is that installing questionable cheats and mods can still leave users vulnerable to various attacks in the future.

“Real cheats require the same dependency to run successfully as most malicious programs do. System protection must be bypassed or disabled and privileges must be elevated in order for the program to run correctly and/or maintain a stable presence on the system. Ultimately, this is just a social engineering technique that exploits the willingness of victims (players who want to cheat) to voluntarily lower their defences and ignore warnings about the launch of potential malware.”

Interestingly, Activision’s warning was issued after the manufacturer declared a real war on CoD cheaters. So, in September 2020, the company banned 20,000 Warzone players for cheating, and in February this year, it banned another 60,000.

William Reddy
