Acronis has revealed details of a sophisticated malware campaign targeting consumers, particularly gamers, across the Middle East. The Acronis Threat Research Unit (TRU) reported that the attackers are exploiting the rising popularity of online gaming in the region, which is valued at over US$7 billion and continues to grow rapidly.

The malware campaign focuses on users aged 18–35 and spreads through platforms like Discord. Victims are lured with fake beta versions of indie games such as Baruda Quest, Warstorm Fire, and Dire Talon. Instead of actual games, users unknowingly download infostealer malware like Leet Stealer, RMC Stealer, and Sniffer Stealer.

According to Acronis researchers, the malware steals sensitive data including login credentials, payment information, and crypto wallets. This can lead to account takeovers, financial loss, and extortion. The campaign is notable for targeting individuals rather than corporate networks.

• Affected countries include Saudi Arabia, Qatar, and Türkiye
• Malware is often spread through fake game promotions on Discord and YouTube

Jozsef Gegeny, Senior Researcher at Acronis TRU, stated that the team uncovered the threat by analyzing suspicious files and websites disguised as legitimate game content. Many of these files were not detected by major antivirus tools.

The campaign was first detected in Brazil and the United States but has now expanded globally. The Middle East has become a hotspot due to its young, digitally active gaming population.

Attackers use fake branding, promotional sites, and even dedicated YouTube channels to distribute the malware. Some installers display fake errors to hide their real intent.

Acronis urges gamers to remain vigilant and download games only from official or verified developer websites. They also recommend enabling multi-factor authentication for added security.

Gegeny added that even tech-savvy users can fall victim to such threats, especially when malware evades mainstream security tools.

Related post

View all