Checkmate! How cybercriminals catch chess players in a gambit

News Desk

Along with the growing number of chess players online, the risk of related cyberattacks is also increasing. Kaspersky cybersecurity experts have discovered that chess players have been targeted by a range of different attacks from cybercriminals spreading malicious or unwanted mobile programs – even on Google Play – and Trojans and ransomware disguised as chess applications for PC and mobile.

Over the last decade, the world of chess has been growing rapidly, with more and more platforms and apps for training appearing online, and numerous global tournaments organized in digital formats. However, the online development of chess has also piqued the interest of cybercriminals, who try to catch online chess players with a variety of tricks.

With chess players constantly learning new tactics and playing with others online, they often download applications for their computers and mobile devices, frequently from third-party sites. Malicious files may be hidden under the guise of these apps. According to the latest Kaspersky statistics, in 2022, cybercriminals made 139,203 attack attempts targeting almost 12,000 chess players.

In most analyzed cases, Kaspersky researchers discovered downloaders able to install other unwanted programs, but there were also adware and even Trojans – malicious programs that can enable cybercriminals to gather credit card details and credentials, modify data or disrupt the performance of computers. They also found cybercriminals spreading ransomware disguised as chess applications, able to encrypt any files on the infected device. The majority of attacked chess players were in Russia, India, Vietnam, Brazil and Germany.

The number of attack attempts on chess players in 2022

Kaspersky researchers also discovered that in the last several years, cybercriminals were distributing malicious mobile apps or unwanted software under the guise of chess games. One, simply called “Chess”, was found on Google Play but has since been removed. Outside of Google Play, the scammers are also actively spreading mobile malware and adware via third-party sites. One of the apps we detected in 2023 sent SMS messages from an infected user’s phone, making it a spamming tool for cybercriminals. The other, like most attackers’ files hidden behind chess applications, is adware that periodically opens advertising tabs in the browser against the user’s will. It mimics a real-life application called “Chess Pro” on Google Play, which has more than 100,000 downloads.

The legitimate app with more than 100,000 downloads whose image has been exploited by fraudsters

“The world of chess has changed dramatically in recent years, becoming digitalized, with training and even international championships taking place online, allowing players to globally share experiences and compete against each other. However, as we see, the popularity of chess is also being exploited by attackers, distributing thousands of malicious files disguised as chess. It’s never been more important to remain vigilant and remember basic cybersecurity rules in order not to fall victim to cybercriminals, whether it’s phishing emails or suspicious mobile apps that only mimic chess,” comments Igor Golovin, a security expert at Kaspersky.

“The chess world has been going digital for decades — one of the first computer games ever was chess. But recently, most of chess has made the digital jump, and not only casual gamers, but chess education, elite level competitions, chess clubs, schools, etc. For instance, our e-gaming platform FIDE online arena every month hosts over 600 tournaments. Thus, new challenges connected to the digital world are now key for chess: cheating, cybersecurity, ID management, connection between digital and OTB (over-the-board play), computational power arms race, and more. Technology is changing the world of chess right now, so players shall be ready to answer those challenges,” comments Ilya Merenzon, CEO of World Chess.

Kaspersky is an official cybersecurity partner of the 2023 FIDE World Championship, the most influential event in the world of chess, taking place in Astana, Kazakhstan, from 7 April to 1 May. 

To stay safe from mobile threats, Kaspersky recommends:

  • Check the permissions of the apps that you use and think carefully before granting a permission to an app, especially when it comes to high-risk permissions such as permission to use Accessibility Services. The only permission that a flashlight app needs is access to the flashlight (which doesn’t even involve camera access).
  • A reliable security solution can help you to detect malicious apps and adware before they can start behaving badly on your device.
  • iPhone users have some privacy controls provided by Apple, and users can block app access to photos, contacts and GPS features if they think those permissions are unnecessary.
  • Update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.