Cracked games, apps leave users wide open to attack
As long as gamers look for free apps in the form of cracked games, unlicensed copies, and suchlike, attackers will continue to target them.
Up till June this year, Crackonosh, a complex crypto-jacking malware, earned cyber criminals a whopping $US2 million. Once in a system, the tool destroys all anti-malware programmes installed, and then begins to mine crypto-currency.
Crackonosh is one of many pieces of malware that’s found its way into systems via cracked games that are offered for free on torrent or download services, says Anna Collard, SVP of content strategy & evangelist at KnowBe4 Africa.
She points out that anyone wanting the fun for free could end up paying a heavy price should they get infected.
“Cracked copies of popular software or games often come with built-in malware that searches for, and disables, many of the most well-known antivirus programmes,” she explains. “For example, Microsoft Office and Adobe Photoshop are incredibly popular which means cracked versions are always going to be in demand.”
Collard says Bitdefender discovered that certain versions of both MS Office and Adobe Photoshop were being distributed with malware that had the ability to steal browser session cookies, or the entire user profile history if the user’s browser was Firefox, hijacking Monera crypto-currency wallets, and exfiltrating other data via BitTorrent.
Wide open to attack
“This malware opens a back door, turns off the firewall, and then leaves everything wide open to attack,” she adds.
Not only does this put the system at risk of the virus that’s currently wreaking havoc, but at risk of being infected by other malware because protection is disabled.
Over and above malware, cracked software can introduce adware, trojans and spyware, she says.
Downloading a free crack instead of paying for the full product is risky, and isn’t limited to PC gamers. Mobile devices and applications are as dangerous, although not always for the same reasons.
“Where downloading cracked games is the PC equivalent of diving into a pool filled with viruses, mobile games are a different story,” says Collard.
Click-jacking and malicious apps are among the most common forms of mobile fraud, says Collard. With click-jacking, criminals can intercept a legitimate click and direct the user to a Web site that steals sensitive information. Malicious apps have been injected with malware during a disguised app update or when downloaded from somewhere other than the official app store.
She says the Evina State of Mobile Fraud in South Africa report, from January to June this year revealed that 29.5% of mobile transactions were identified as suspicious; 76% of them were related to click-jacking and 5.6% to malicious apps.
“The reality is that the hackers are making far too much profit, far too easily, to stop. So, the protection of your assets and the security of your systems lies with you,” she ends.