Dangerous stealer disguised as game tops search engine results

By Staff Writer, ITWeb
Johannesburg, 07 Sept 2021

A slew of different ways to play games, including new consoles, in-browser options and mobile games, is sending demand for PC games soaring and, alongside it, gamers’ desire to play them for free.

They do this by finding and downloading “cracked” versions of games. But Kaspersky warns that these shortcuts come at a price, with users often installing malware instead of the intended game.

Cracking is the modification of software to eliminate or disable features such as copy protection, and to remove DRM restrictions, which are put in place to prevent a game from being used on an unlimited number of computers from a single purchase.

According to Kaspersky, cyber crooks even go so far as to set up a network of Web sites, solely for the distribution of this type of malware.

Fake warez

In fact, in April this year, researchers noted a vast, well-coordinated campaign that distributed a dropper which covertly executes a malicious program dubbed Swarez.

The dropper was delivered through dozens of fake warez sites (sites that distribute pirated software). These sites distributed malware disguised as cracks for different software, including anti-malware, photo or video editing software, and fifteen popular computer games.

Users in 45 countries across the world were attacked by files disguised as games.

After a series of redirects from the warez Web site, users downloaded a ZIP archive containing a password-protected ZIP file, alongside a text document with the key to unpack it.
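The packaging described above (an outer ZIP holding an encrypted inner ZIP next to a text file with the key) can be checked for during download triage. The following is an added example, not code from Kaspersky or the article; the function names, the size limit and the sample file names are assumptions, and the sample archive is constructed from harmless placeholder bytes.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x1                 # ZIP general-purpose flag bit 0: entry is encrypted
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # do not unpack oversized members during triage


def triage_archive(data: bytes) -> dict:
    """Flag an outer ZIP that holds an encrypted inner ZIP next to a .txt file."""
    locked_inner, text_files = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as outer:
        for entry in outer.infolist():
            if entry.is_dir() or entry.file_size > MAX_MEMBER_BYTES:
                continue
            if entry.flag_bits & ENCRYPTED_FLAG:
                continue  # outer member is itself encrypted; nothing to inspect
            body = outer.read(entry)
            if zipfile.is_zipfile(io.BytesIO(body)):
                with zipfile.ZipFile(io.BytesIO(body)) as inner:
                    if any(e.flag_bits & ENCRYPTED_FLAG for e in inner.infolist()):
                        locked_inner.append(entry.filename)
            elif entry.filename.lower().endswith(".txt"):
                text_files.append(entry.filename)
    return {"locked_inner": locked_inner, "text_files": text_files,
            "suspicious": bool(locked_inner and text_files)}


def _zip_bytes(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


def constructed_sample(locked: bool) -> bytes:
    """Constructed input: harmless placeholder files, not a real sample."""
    inner = bytearray(_zip_bytes({"setup.bin": b"placeholder"}))
    if locked:
        # Mark the entry as encrypted by setting bit 0 of the flags field,
        # which sits at offset 8 of the central directory header.
        inner[inner.find(b"PK\x01\x02") + 8] |= ENCRYPTED_FLAG
    return _zip_bytes({"game.zip": bytes(inner), "password.txt": b"constructed-key"})


if __name__ == "__main__":
    print(triage_archive(constructed_sample(locked=True)))
```

A match is a triage signal only: password-protecting the inner archive keeps gateway and endpoint scanners from inspecting its contents, so a flagged download warrants quarantine and manual review rather than an automatic verdict.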

Emulating installation processes

Cleverly, the installation process appeared complicated enough for users to be fooled into believing they were installing their game of choice, but unfortunately, they downloaded the Swarez dropper, which decrypted and executed a Taurus Trojan-Stealer.

This stealer has many functions, is flexible and configurable, and is capable of stealing cookies, saved passwords, autofill data from browsers, and data related to crypto wallets. It gathers information about the system, .txt files from the user’s desktop and can even take screenshots.

A particularly concerning aspect of this campaign was the ease with which the right targets were reached. Bad actors optimised their Web sites for specific search keywords, and in several cases managed to get their malicious sites into the top three results of popular search engines.

Anton Ivanov, security researcher at Kaspersky, says today's devices contain more valuable information about individuals and their finances than ever before, and are becoming an increasingly popular target.

The Swarez campaign demonstrates that fooling users into installing software from an unknown source remains an effective way of planting malware on their devices. 

“And cyber criminals invest in creating more complex schemes to convince users that what they are installing is not malware – to the point of emulating installation processes.”

Ivanov says this highlights the fact that there is no middle ground, and to stay safe from this type of threat, users must stick to downloading software from trusted, official sources only, because the cost of making a mistake could be far higher than the price of the game.
