Malware hidden in game cheats and mods used to target gamers

silversurfer

Threat actors target gamers with backdoored game tweaks, patches, and cheats hiding malware capable of stealing information from infected systems.

The attackers mostly use social media channels and YouTube how-to videos for advertising their malware-laced modding-related game tools.

Cisco Talos researchers who spotted multiple campaigns using these tactics said that they've "seen several small tools looking like game patches, tweaks or modding tools" backdoored with obfuscated malware.

"These types of attacks are a return to form for classic virus campaigns — video game players are no strangers to trying to avoid malicious downloads while trying to change the game they're playing," the researchers said in a report published today.
 

Ink

Original - Cheating the cheater: How adversaries are using backdoored video game cheat engines and modding tools
  • Cisco Talos recently discovered a new campaign targeting video game players and other PC modders.
  • Talos detected a new cryptor used in several different malware campaigns hidden in seemingly legitimate files that users would usually download to install cheat codes into video games or other visual and game modifications (aka "mods").
  • The cryptor uses Visual Basic 6 along with shellcode and process injection techniques.
  • We have a full analysis of the VB6 header of one of the samples used in these campaigns and provide a detailed walkthrough for security analysts.
 

Threadripper

The people who make these know that everybody who wants them will simply exclude them from their antivirus. If a cheat isn't detected then I see that as a good thing (it's hopefully not malicious); if it's detected as a hacktool then it's down to the user. However, they should not be ignoring trojan detections and other detections like that.
 

Ink

Security researchers have discovered a new malware campaign targeting users of cheat software for popular battle royale title Call of Duty: Warzone.

In a lengthy report, publisher Activision describes the method of attack, which sees malware dressed up as a Warzone cheat and distributed via online gaming forums. When the download is triggered, a type of malware known as a dropper is installed on the victim’s machine, laying the groundwork for further attacks and data theft. “The dropper examined in this report, ‘Cod Dropper v0.1’, can be customized to install other, more destructive malware onto the targets’ machines,” explained Activision.
PDF: https://www.activision.com/cdn/research/cheating_cheaters_final.pdf

via Call of Duty: Warzone cheaters are getting infected with malware
 
