Cybercriminals often use creative ways to get malware onto a system but, sometimes, the old ways can prove just as successful as newer tactics are.
Case in point – using games as a way to get malware onto a system.
During the pandemic gaming has become a massive hobby for those stuck at home and cybercriminals have leveraged that appetite to spread malware.
According to Kaspersky, game-related cyberthreats increased between Q1 2020 and Q2 2020 by 66 percent. In total the firm detected 2.48 million instances of malware designed to look like games.
“We have witnessed a clear effect of the pandemic on the number of gaming-related threats. As more people switched to gaming, more users faced threats that were disguised as games,” explains security researcher at Kaspersky Anton Ivanov.
In terms of the most popular game being used to hide malware, Minecraft proves especially popular. While the game is well known, it also supports a variety of mods which could help to lure more unwitting victims. As mods aren’t official releases, cybercriminals can use them to hide their malicious software. Kaspersky says that between June 2020 and June 2021, it detected 36 336 files containing malware disguised as Minecraft mods.
The table below showcases how many users using Kaspersky’s software were affected by malware disguised as games.
Game | Users | Detections | Files |
Minecraft | 184 887 | 3 010 891 | 36 336 |
The Sims 4 | 43 252 | 1 266 804 | 5 844 |
PUBG | 26 724 | 484 528 | 10 360 |
Fortnite | 14 702 | 267 598 | 6 109 |
Grand Theft Auto V | 14 261 | 187 114 | 4 953 |
The malware that was spread included downloaders which were capable of downloading more nefarious programmes but some contain Trojan-Stealers which steal cryptocurrency and Trojan banking malware.
“Two popular ways of threat distribution are phishing pages – there have been a myriad of them targeting users of different gaming platforms, many of which are very hard to tell apart from real sites for regular users. Another attack vector is warez sites – in particular, we have traced a well-coordinated campaign that distributed a dangerous dropper via such sites, affecting users in 45 countries,” says Ivanov.
“With development of in-game goodies and currencies, the gaming industry is becoming even more lucrative and appealing to cybercriminals. Perhaps the worst risks associated with game-related threats is the loss of account credentials – be it login details to a gaming account or, even worse, banking or cryptocurrency applications,” the security researcher added.
It goes without saying that you should be downloading your games from official storefronts as your chances of downloading malware are far lower than they would be if you looked for games on the high seas.