
We all know how much you enjoy playing video games, whether socially,
professionally or casually, which is why we want to take this
opportunity to share more information about safe online gaming.
Previously we have discussed how to protect yourself while playing,
with professional online gamers offering advice based on their
knowledge and experience as users; and we have also talked about why
security is important in every instance of game development.
Today we will talk specifically about some of
the biggest threats online gamers face and, of course, how you can
protect yourself. Below you will find the top five threats, in no
particular order of importance.
#1 TeslaCrypt
We already know the destructive capabilities of ransomware – a type of malicious software that locks access to files or the system itself until a ransom is paid.

Within this malware category, TeslaCrypt stands
out because it was designed to encrypt game-play data for dozens of
video games, prompting the user to pay a ransom to decrypt those files.
Targeting some well-known games including Call of Duty and Minecraft,
TeslaCrypt blocks access to saved game files, configuration files or
game items.
If we take a look at the chart below, which
shows the number of TeslaCrypt detections by ESET security products
during 2016, we see that most observed activity was in March, reaching
over half a million cases:

However, there are two key points to mention.
First, TeslaCrypt is no longer operational – its developers have shut
down their file recovery service. Nonetheless, since the ransomware is
still spreading and infecting systems, it remains a threat for online
gamers. The good news is that the cybercriminals have released the
master decryption key, and that ESET has released a decryption tool for TeslaCrypt that you can download if your system has been compromised.
Secondly, the ransomware that attacks video
games is not that effective, since current games are often designed to
save games and settings on the cloud servers of each developer, making
it possible for the user to recover his files should they get lost.
Therefore, the games that do not store files in the cloud are more
likely to be affected by this ransomware.
#2 Password Stealers
Just as there are types of spyware called
keyloggers, which capture keyboard events and try to steal access
credentials, there are also pieces of malicious code that attempt to
steal access credentials for online games or platforms, such as Steam or
Origin.
This type of malware relies heavily on social engineering
or deceit in order to infect its victims. One of the most popular scams
is when a player – the victim – receives a chat message from another
player inviting him to join his team. This unknown player is usually
very friendly and praises the victim for his gaming skills, telling him
that he should join this team of great players.
Where is the deceit?
At some point, the victim is prompted to
download and install an application – for example, a voice communication
program. The attacker will insist that the
victim cannot become part of the team if he does not have that
application. And of course, the downloaded executable is not really a
chat client, but malicious software capable of stealing account
credentials.

The picture above shows a fragment of a chat
exchange with an attacker. ESET’s products detect and block a large
number of variants. One of them is Win32/PSW.OnLineGames.NNU; in this
case, apart from its credential stealing and keylogging capabilities,
the malware looks for specific data of some well-known games like World
of Warcraft. Another variant is Win32/PSW.OnLineGames.OUM, which
receives and executes malicious commands from a remote server and
attempts to neutralize the antivirus products present in the system.
So far, in 2016, the number of detections of the Win32/PSW.OnLineGames threats has reached over a quarter million:

There are also other threats worth mentioning,
which specifically target the Steam platform: MSIL/Stimilik.H,
malicious code written in .NET that allows an attacker to remotely
control the affected machine, and Win32/PSW.Steam.NBC, which has similar
characteristics. The case of Steamlocker is particularly interesting: a
piece of malware that appeared in 2016, trying to follow the ransomware
trend, which blocks access to the Steam service and then requests the
payment of a ransom to retrieve it.
#3 Fake Game Cracks
This is another social engineering technique,
regardless of the kind of threat installed in the end. The deceit in
this case has to do with the fact that the victim thinks he is only
installing a crack, when in fact, the file contains malware and
sometimes it is not even capable of bypassing the game protections, as
it claims to do.
To give you a concrete example, last month I
found an alleged FIFA 16 crack online on the EA servers. It was offered
via a Mediafire download link. Once downloaded, we noticed the file
name, fifa16crack (SHA1: 39fb3bdd0a4424eb8bb0489309f6d42d79cee1ce), and
the icon used to fool players:

Although the alleged crack does what it promises and lets you play the
game without a license, it also installs malware on the system. We can see
that the file is really a self-extracting (SFX) archive that executes .bat files
with specific commands to install a coin miner. The main problem is that
the victim will notice a drop in system performance, since system
resources are being used by the cybercriminal to mine virtual
currencies.

The picture above shows one of the miner’s
configuration files. This particular case uses a multipool that mines
different types of coins, and it includes other configuration files that are
also able to mine the Monero cryptocurrency.
We should remember that the fact that a crack is
functional does not mean it is free of malware. It is
therefore essential to have an antivirus solution and not to turn it off
whenever a crack asks you to. Even today, we see that some
10-year-old infected applications are still active, such as the modified
versions of Aimbot or Wallhack Counter Strike, for example.
#4 Fake Apps
Nowadays, we not only play on consoles or PCs,
but also on our smartphones or tablets. Therefore, we must be careful
and pay special attention to those fake apps masquerading as official
games, updates, tricks, etc.

Since 2015, there have been various malicious
mobile applications masquerading as well-known games, which perform
different types of attacks on the infected devices. Perhaps one of the
most important cases has to do with an Android Trojan hidden among the games on Google Play,
which allowed attackers to control devices remotely, thanks to its
backdoor capabilities. By imitating games like Plants vs. Zombies 2 or
Subway Surfers, it was mainly used to display ads on the compromised
device.
Another prominent case is that of the fake Minecraft apps that install scareware,
which were downloaded by more than 600,000 Android users. After showing
the victims signs of fake viruses or threats on their devices, the apps then
tried to convince users to subscribe to a premium SMS service in order
to remove the fake threats.
Finally, I would like to mention the first lockscreen that tries to take advantage of the Pokémon GO fever.
In this case, the false application blocks access to the system, which
needs to be rebooted to keep on working. After reboot, however, the
malicious application continues to run, silently clicking on porn ads in
the background.
#5 Phishing
As professional FIFA player Patán told us, and as I mentioned myself after attending conferences on malware and the gaming industry,
one of the most common attacks (and easiest to carry out) has to do
with stealing access credentials through fake websites, or simply
through users asking for the login information. To do this,
cybercriminals register websites with a slight variation on the original
domain name, for instance, by changing only one letter.
We can mention two of the best-known examples
that affected Steam users: the fake Steam screensaver, which was in fact
a phishing scheme to steal passwords, and the fake Steam games that spread
malware.
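As an added example (not part of the original article), the Python below flags hostnames whose domain is exactly one edit away from a trusted one, which covers the "changing only one letter" trick described above as well as a dropped, added or swapped letter. The trusted list and the sample hostnames are assumptions constructed for illustration, and the domain is taken as the last two labels of the hostname.

```python
from __future__ import annotations

# Trusted domains for the platforms named in this article. This list is an
# assumption made for the example; extend it with the services you use.
TRUSTED = {"steampowered.com", "steamcommunity.com", "origin.com", "battle.net"}

def edit_distance(a: str, b: str) -> int:
    """Edits needed to turn a into b: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Two neighbouring letters swapped counts as a single edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def registrable(host: str) -> str:
    """Last two labels of a hostname (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(host: str) -> tuple[str, str | None]:
    """Return (verdict, trusted domain it matches or imitates)."""
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted", domain
    for good in sorted(TRUSTED):
        if edit_distance(domain, good) == 1:
            return "lookalike", good
    return "unknown", None

# Constructed sample hostnames, for illustration only.
SAMPLES = ["store.steampowered.com", "steamcommunlty.com",
           "login.steampowerd.com", "battel.net", "example.org"]

if __name__ == "__main__":
    for host in SAMPLES:
        verdict, match = classify(host)
        print(f"{host:28} {verdict:10} {match or '-'}")
```

A "lookalike" verdict is a reason to stop and type the address by hand; an "unknown" verdict only means the domain is not close to anything on the trusted list.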
Recommendations
The aim of this article is not to scare you so
that you stop playing games online. On the contrary, it is to raise
awareness about the existing risks, which can be complemented by the
following recommendations:
- The same “old” story – never use old versions of games or applications. Since the updates fix vulnerabilities, it is absolutely necessary to update software as soon as possible.
- Always have your antivirus software enabled on your computers – you should be suspicious of those applications that request you to disable your antivirus protection before installation. Also, if you are concerned about FPS and system performance, remember that, for example, ESET Smart Security has a Gamer mode that optimizes the performance of the antivirus solution so that you can enjoy your game without interruptions.
- Ignore unknown chats requesting information: remember that game developers will never ask for your passwords.
- Activate two-factor authentication whenever it is available – thus, even if your password is lost or stolen, no one will be able to access your account without having the second verification factor. More information at:
  - Steam Guard / Steam Mobile Authenticator
  - Login verification for Origin
  - Blizzard/Battle.NET Authenticator
- Change passwords regularly; use passphrases; and never use the same one for different accounts or services – sometimes the passwords and account data can be leaked (just remember the 6 biggest attacks on online games of the last few years). It is therefore a good idea not to use the same login data for different services.