Security Alert Malware hidden in game cheats and mods used to target gamers

silversurfer

Threat actors target gamers with backdoored game tweaks, patches, and cheats hiding malware capable of stealing information from infected systems.

The attackers mostly use social media channels and YouTube how-to videos for advertising their malware-laced modding-related game tools.

Cisco Talos researchers who spotted multiple campaigns using these tactics said that they've "seen several small tools looking like game patches, tweaks or modding tools" backdoored with obfuscated malware.

"These types of attacks are a return to form for classic virus campaigns — video game players are no strangers to trying to avoid malicious downloads while trying to change the game they're playing," the researchers said in a report published today.
 

Spawn

Original - Cheating the cheater: How adversaries are using backdoored video game cheat engines and modding tools
  • Cisco Talos recently discovered a new campaign targeting video game players and other PC modders.
  • Talos detected a new cryptor used in several different malware campaigns hidden in seemingly legitimate files that users would usually download to install cheat codes into video games or other visual and game modifications (aka "mods").
  • The cryptor uses Visual Basic 6 along with shellcode and process injection techniques.
  • We have a full analysis of the VB6 header of one of the samples used in these campaigns and provide a detailed walkthrough for security analysts.
 

Threadripper

The people who make these know that everybody who wants them will simply exclude them from their antivirus. If a cheat isn't detected then I see that as a good thing (it's hopefully not malicious); if it's detected as a hacktool then it's down to the user. However, they should not be ignoring trojan detections and other detections like that.
 

Spawn

Security researchers have discovered a new malware campaign targeting users of cheat software for popular battle royale title Call of Duty: Warzone.

In a lengthy report, publisher Activision describes the method of attack, which sees malware dressed up as a Warzone cheat and distributed via online gaming forums. When the download is triggered, a type of malware known as a dropper is installed on the victim’s machine, laying the groundwork for further attacks and data theft. “The dropper examined in this report, ‘Cod Dropper v0.1’, can be customized to install other, more destructive malware onto the targets’ machines,” explained Activision.
PDF: https://www.activision.com/cdn/research/cheating_cheaters_final.pdf

via Call of Duty: Warzone cheaters are getting infected with malware
 