The global gaming community, comprising nearly half of the world’s population, has witnessed a growing onslaught of cyberattacks, according to a comprehensive investigation conducted by Kaspersky. Between July 2022 and July 2023, the cybersecurity company identified an increasing vulnerability among gamers, who have become prime targets for cybercriminals. These malicious actors have exploited the extensive gaming community to compromise personal data, launching a wide range of attacks, including web vulnerabilities, Distributed Denial of Service (DDoS) attacks, cryptocurrency mining, and sophisticated Trojan and phishing campaigns.
During this period, from July 1, 2022, to July 1, 2023, Kaspersky’s security solutions detected a staggering 4,076,530 attempts to download 30,684 unique files disguised as popular games, mods, cheats, and other game-related software. These incidents affected 192,456 users globally. While these files were primarily categorized as unwanted software and often labeled as not-a-virus: Downloader (89.7%), they had the potential to download various other programs, including malicious ones, onto users’ devices. Adware (5.3%) and Trojans (2.4%) were also significant threats to desktop gamers.
Minecraft emerged as the preferred target for cybercriminals, accounting for 70.3% of all alerts and impacting 130,619 players worldwide. Roblox was the second most targeted game title, contributing to 20.4% of all alerts and affecting 30,367 users. Other games, such as Counter-Strike: Global Offensive (4.8%), PUBG (2.9%), Hogwarts Legacy (0.6%), DOTA 2 (0.5%), and League of Legends (0.3%), also experienced notable cyber threats.
The mobile gaming community, with over three billion gamers, or nearly 40% of the global population, as reported by Newzoo in 2023, has witnessed significant growth and accessibility, making it an enticing target for cybercriminals. Between July 1, 2022, and July 1, 2023, Kaspersky documented 436,786 attempts to infect mobile devices, affecting 84,539 users.
Various game titles were used as bait to target mobile gamers, with Minecraft enthusiasts being the primary targets, accounting for 90.4% of attacks on 80,128 gamers. Indonesian users, in particular, fell victim to Minecraft attacks, resulting in Trojan.AndroidOS.Pootel.a infiltrations, which discreetly registered mobile subscriptions. Iran experienced the highest prevalence of these attacks, with 140,482 alerts affecting 54,467 Minecraft players.
PUBG: Battlegrounds Battle Royale was the second most exploited mobile game among cybercriminals, contributing to 5.09% of all alerts, with the majority of incidents originating from Russian Federation users. Roblox (3.33%) ranked third in terms of detections but second in the number of affected users.
A significant discovery was the emergence of SpyNote, a spy Trojan distributed among Roblox users on the Android mobile platform under the guise of a mod. This Trojan possesses various spying capabilities, including keylogging, screen recording, video streaming from phone cameras, and the ability to impersonate Google and Facebook applications to deceive users into revealing their passwords.
Phishing and counterfeit distribution pages continue to pose a significant threat to gamers. Malicious and unwanted software often disguises itself as popular games, distributed through third-party websites offering pirated versions. These deceptive pages often display inflated download counts, potentially luring users into a false sense of security. However, clicking the download button often results in an archive that may contain harmful or unrelated elements, deviating from the promised content.
“In the dynamic gaming industry, which handles a wealth of personal and financial data, cybercriminals are seizing enticing opportunities. They exploit gaming accounts by stealing in-game assets, virtual currency, and selling compromised gaming accounts, often with real-world value. The relentless pursuit of personal data has led to a surge in ransomware attacks, even affecting professional gamers who rely on uninterrupted play. This underscores the critical need for enhanced cybersecurity awareness within the gaming community,” emphasized Vasily Kolesnikov, a cybersecurity expert at Kaspersky.
To ensure safe gaming, Kaspersky offers the following recommendations:
1. Download games from official stores like Steam, Apple App Store, Google Play, or Amazon Appstore, as they undergo some level of screening by store representatives.
2. When buying a game not available through official stores, purchase it only from the official website and verify the website’s authenticity.
3. Exercise caution with phishing campaigns and unknown gamers, refraining from opening links from untrusted sources.
4. Avoid downloading pirated software or illegal content, even if redirected from a legitimate website.
5. Employ a reliable security solution that can protect your device without affecting gaming performance, such as Kaspersky Total Security for desktops and Kaspersky Internet Security for Android on mobile devices.