Online games are very common today, so it is not surprising that their users become targets for attackers. In this post we will look at the most common types of attacks that threaten players. Like other users, players can fall victim to phishing messages and fake applications.
To date, a significant number of copies of Win32/PSW.OnLineGames Trojans are known, which specialize in stealing confidential information from online games or performing other fraudulent operations with the points of the user's game characters. Let us consider each of the threats in more detail.
# 1 TeslaCrypt
We have repeatedly written about the destructive properties of encrypting ransomware. This malicious software specializes in encrypting user files and then demanding a ransom for decryption.
Among other ransomware families, TeslaCrypt stands out in that it specializes in encrypting data files belonging to games. These include well-known games such as Call of Duty and Minecraft. TeslaCrypt blocks user access to game save files, configuration files, and game element files.
If we look at the graph below, we will see the number of TeslaCrypt detections by ESET AV products in 2016. The maximum detection level is in March, reaching more than half a million cases.
However, there are two key points worth mentioning. First, TeslaCrypt is no longer developed: the developers have closed the file recovery service. The malware itself can still spread and successfully infect the systems of online game users. The good news is that the ransomware authors published a universal file decryption key, which was used in the file decryption tool from ESET.
Second, this type of ransomware, which aims to encrypt game files, is not effective, since modern games store saved games and settings on a remote server, making it possible to recover files from the cloud if they are lost. Thus, games that do not store their data on a remote server are more susceptible to the ransomware's malicious actions.
# 2 Password hijackers
Password hijackers for online games are somewhat similar to simple keyloggers, which steal passwords by saving the text typed by the user into a separate file. Such malware can steal user account data from gaming platforms such as Steam or Origin.
Cybercriminals use social engineering techniques to trick users and convince them to download malware and then launch it. The most common method of fraud is to send the intended victim a chat message in which another player offers to join his team. This unknown player is usually very friendly and praises the victim for good gaming skills, while inviting the victim to join a team of advanced players.
At some point, the victim will be prompted to download and install an application, for example, a program for voice communication. The attacker will be quite persistent in his request and will tell the victim that this application must be installed in order to join the team. Of course, by downloading and launching the application, the user installs a password hijacker on the system.
The figure above shows a snippet of a chat in which an attacker persuades his victim to install an application. ESET anti-virus products detect and block a large number of malicious programs downloaded in this way. One of these malicious programs is detected by our products as Win32/PSW.OnLineGames.NNU. In this case, in addition to credential theft and keylogging, the malware looks for data files of some games, for example, World of Warcraft. Another instance of this family, Win32/PSW.OnLineGames.OUM, accepts and executes commands received from a remote C&C server. It also tries to neutralize the anti-virus products installed on the user's system.
In 2016, the number of Win32/PSW.OnLineGames malware detections reached a quarter of a million copies.
It is worth mentioning other malicious programs that are aimed at compromising the well-known gaming platform Steam. The first is called MSIL/Stimilik.H; it is written in C# and allows attackers to get remote access to the compromised system. The second is called Win32/PSW.Steam.NBC and has similar characteristics. There is also malware called Steamlocker, which blocks access to the Steam service and demands a ransom for unlocking.
# 3 Fake game cracks
This method of compromising users relies on social engineering, regardless of which malware it is designed to install. In this fraudulent scheme, the user is offered a crack for a game, which is actually malware and does not have the declared functionality.
One example is the "crack" for the computer game FIFA 16, recently discovered by our specialists. It was distributed through the EA servers and hosted by Mediafire hosting. The file is named fifa16crack (SHA1: 39fb3bdd0a4424eb8bb0489309f6d42d79cee1ce), and its icon convinces the user of the legitimacy of the crack.
Despite the fact that the crack performs its function and makes it possible to play without a license, it also installs malware on the system. As we can see, the crack file is in fact a self-extracting SFX archive that executes .bat files with specific commands for installing a cryptocurrency miner. The PC user can quickly notice the problem, as mining will significantly slow down system performance.
The picture above shows one of the malware configuration files. The malware specializes in mining several types of cryptocurrency. For example, another configuration file points to mining of the Monero cryptocurrency.
It is also worth remembering that the presence of the declared functionality in a crack does not guarantee the absence of malicious code in it. Therefore, it is important to have anti-virus software installed on your computer and not to disable it when it signals the presence of malicious code in the crack file. Even today, we see that some compromised 10-year-old applications are still active, for example, modified versions of Aimbot or Wallhack for Counter-Strike.
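The following triage sketch is an added example, not code from the original post or from ESET: after unpacking a suspicious SFX archive in an isolated analysis environment, it checks each file against the fifa16crack SHA-1 quoted above and scans scripts and configuration files for signs of a cryptocurrency miner. The regular expressions, the extension list, and the sample script contents are assumptions made for illustration.

```python
import hashlib
import re
from pathlib import Path

# SHA-1 of the fifa16crack file, as quoted in the article.
KNOWN_BAD_SHA1 = {"39fb3bdd0a4424eb8bb0489309f6d42d79cee1ce"}

# Heuristic indicators (assumptions of this example, not taken from the sample).
MINER_PATTERNS = {
    "stratum_url": re.compile(r"stratum\+(?:tcp|ssl)://[\w.-]+(?::\d+)?", re.I),
    "pool_login": re.compile(r"(?:^|\s)(?:-u|--user)[ =]\S+", re.I),
    "hidden_start": re.compile(r"\bstart\s+/(?:b|min)\b", re.I),
    "monero": re.compile(r"\b(?:monero|xmr|cryptonight)\b", re.I),
}
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".conf", ".json", ".txt", ".ini"}

def sha1_of(path):
    """Hash a file in chunks so large executables are not loaded at once."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_text(text):
    """Return the sorted names of the miner indicators found in text."""
    return sorted(n for n, rx in MINER_PATTERNS.items() if rx.search(text))

def triage_dir(root):
    """Map each suspicious file (path relative to root) to its reasons."""
    findings = {}
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        reasons = []
        if sha1_of(p) in KNOWN_BAD_SHA1:
            reasons.append("known_bad_sha1")
        if p.suffix.lower() in SCRIPT_EXTS:
            reasons += scan_text(p.read_text(errors="replace"))
        if reasons:
            findings[str(p.relative_to(root))] = reasons
    return findings

# Constructed sample of a dropper script; not the real sample's contents.
SAMPLE_BAT = ("@echo off\n"
              "start /min miner.exe -o stratum+tcp://pool.example:3333 -u WALLET -p x\n")

if __name__ == "__main__":
    print(scan_text(SAMPLE_BAT))
```

A hit from these patterns is a lead for further analysis rather than a verdict, since legitimate mining software uses the same pool URLs and options.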
# 4 Fake Apps
Today, a large number of people play games not only on computers, but also on smartphones and tablets. Therefore, users should be more careful and pay attention to fake applications that disguise themselves as legitimate games or updates.
Starting in 2015, we recorded the appearance of various malicious mobile applications that were disguised as well-known games and carried out various types of attacks on users from compromised devices. Probably one of the most dangerous such applications was the Android/TrojanDropper.Mapin backdoor that we discovered, which allowed attackers to remotely control the device. It disguised itself as games like Plants vs. Zombies 2 and Subway Surfers. Attackers also used Mapin to display full-screen advertising to the user.
Another known case of a fake application is the scareware application we have already described, which was disguised as the game Minecraft. The application was downloaded from the Google Play store over 600 thousand times. It is a fake antivirus that detects "threats" on the device and prompts the user to subscribe to a paid SMS service to remove them.
Finally, we can mention the first ransomware for Android that uses the theme of the game Pokémon Go for its own purposes. In this case, the user's device is blocked and normal operation becomes impossible. To unlock the device, you can use the reboot function; however, the application will continue to work in the background, performing clicks on links to porn sites.
# 5 Phishing
Phishing remains the most common method of attacking online game users. Attackers use fake websites to steal user credentials, as well as fake emails that instruct the user to send confidential data in a reply email message. A fake website can partially or almost completely imitate the interface of the original website; in this case, the login and password are stolen through the fake form used to enter this data when logging into the account.
# Recommendations
Below is a list of recommendations; following them will significantly reduce the risk of infection by the malware described above.
- Regularly update your games and applications. Regular updates for them can close vulnerabilities exploited by attackers.
- Use antivirus software on your computer and do not disable it. Be careful and pay attention to notifications from applications that ask you to disable anti-virus protection for their successful launch in the system. Some antivirus products include a special game mode setting, which optimizes the operation of the antivirus software while the user is playing. This configuration is provided by the ESET Smart Security antivirus product.
- Ignore requests from other users to send secret information in the chat. Remember that game developers will never ask you for secret information. Use two-factor authentication if it is available; then, even if an attacker gets your account password, he will not be able to log in with it. Examples of 2FA for the following services: Steam Guard / Steam Mobile Authenticator, Login verification for Origin, Blizzard / Battle.NET Authenticator.
- Regularly change the passwords on your gaming service accounts. Also use a secret phrase, and do not use the same phrases on several services.