Cyber attacks have become a daily occurrence. For the criminals behind it, it is simply a lucrative business. And as long as companies continue to pay, as the KNVB recently did, this will continue unabated. Awareness is King. In fact, everyone should know something about cybersecurity. It is now clear that the global gaming community also accounts for approx half of the world’s population are increasingly under attack from cybercriminals, according to a new study by Kaspersky.
In the period from July 2022 to July 2023, the security company discovered the growing vulnerability of gamers. Cybercriminals took advantage of this vast community to gain access to personal data and launched a range of attacks, including web vulnerabilities, DDoS attacks, cryptocurrency mining and complex Trojan or phishing campaigns.
More than 4 million attempts
From July 1, 2022 to July 1, 2023, Kaspersky solutions detected as many as 4,076,530 attempts to download 30,684 unique files masked as popular games, mods, cheats, and other gaming-related software. These incidents affected 192,456 users worldwide. These files – mainly classified as unwanted software and often labeled as not-a-virus:Downloader (89.70%), – are not necessarily dangerous, but they are capable of downloading various other programs, even malicious ones, into it user’s device. Adware (5.25%) and Trojans (2.39%) were also notable threats to desktop gamers.
Minecraft and Roblox
Minecraft proved to be the favorite target of cybercriminals and was responsible for 70.29% of all alerts. The attacks that used Minecraft as a bait affected 130,619 players around the world during the reporting period. Roblox was the second most targeted gaming title, accounting for 20.37% of all strikes, affecting 30,367 users. Counter-Strike: Global Offensive (4.78%), PUBG (2.85%), Hogwarts Legacy (0.60%), DOTA 2 (0.45%) and League of Legends (0.31%) were also among to the prominent games targeted by cyber threats.
The mobile gaming community, which according to the Newzoo 2023 report has more than three billion gamers, or almost 40% of the world population, is characterized by a significant growth and accessibility and has become an attractive target for cybercriminals. Between July 1, 2022 and July 1, 2023, Kaspersky documented 436,786 attempts to infect mobile devices, affecting 84,539 users.
Mobile gamers are also not safe
Various game titles were used as bait to target mobile gamers. Minecraft enthusiasts were again the main target, as 90.37% of attacks targeted the 80,128 gamers who fell victim. Indonesian users in particular faced exploitation via Minecraft, resulting in a Trojan.AndroidOS.Pootel.a attack, which discreetly registered mobile subscriptions. These attacks were the most common in Iran, with 140,482 alerts affecting 54,467 Minecraft players.
PUBG: Battlegrounds Battle Royale was the second most used mobile game among cybercriminals, accounting for 5.09% of all reports, with most incidents coming from users in the Russian Federation. Roblox (3.33%) ranked third in detections, but second in the number of users affected.
Trojan spy tool and phishing
One notable discovery concerns the emergence of SpyNote, a Trojan spy tool distributed to Roblox users on the Android mobile platform under the guise of a mod. This Trojan exhibits several spying capabilities, including keylogging, screen recording, video streaming from phone cameras, and the ability to impersonate Google and Facebook applications to trick users into giving up their passwords.
Phishing and spoofed distribution pages still pose a major threat to gamers. Malicious and unwanted software often masquerades as popular games and is distributed via third-party websites that offer pirated versions. These deceptive pages usually display inflated download numbers, potentially lulling users into a false sense of security. Still, clicking the download button usually results in downloading a file that may contain malicious or unrelated elements that differ from the promised content.
In the dynamic gaming industry, which harbors a wealth of personal and financial data, cybercriminals see tempting opportunities. They exploit gaming accounts by stealing in-game assets and virtual currency and selling compromised gaming accounts, often with real value. The relentless pursuit of personal data has led to a rise in ransomware attacks, even affecting professional gamers who depend on uninterrupted gaming. This underlines the urgent need for better cybersecurity awareness within the gaming community.
[Fotocredits – Thaut Images © Adobe Stock]