Video Game Cheaters Targeted by Malware
Korean security analysts have spotted a malware distribution campaign that uses video game ‘cheat’ baits on YouTube to trick players into downloading RedLine, a powerful information-stealing piece of malware. The video game, Valorant, is a free first-person shooter available on PC. The video on YouTube shows someone how to install an ‘aimbot’, which is software integrated with the game that automatically points the player’s weapon at any opposing player without the player’s input at all. This essentially allows skill-less players to dominate and escalate the rankings easily.
In the video description on YouTube, it has an external link to install the ‘aimbot’ that brings you to a download page. Users who attempt to download the file in the video’s description will be taken to an ‘anonfiles’ page from where they’ll get a RAR archive that contains an executable named ‘Cheat installer.exe’. This file in reality is a copy of RedLine stealer, one of the most widely deployed password-stealing malware infections that snatch the following data from infected systems:
- Basic information: Computer name, user name, IP address, Windows version, system information (CPU, GPU, RAM, etc.), and list of processes
- Web browsers: Passwords, credit card numbers, AutoFill forms, bookmarks, and cookies, from Chrome, Chrome-based browsers, and Firefox
- Cryptocurrency wallets: Armory, AtomicWallet, BitcoinCore, Bytecoin, DashCore, Electrum, Ethereum, LitecoinCore, Monero, Exodus, Zcash, and Jaxx
- VPN clients: ProtonVPN, OpenVPN, and NordVPN
- Others: FileZilla (host address, port number, user name, and passwords), Minecraft (account credentials, level, ranking), Steam (client session), Discord (token information)
After collecting this information, RedLine neatly packs it in a ZIP archive named “().zip” and exfiltrates the files via a WebHook API POST request to a Discord server.
What Should You Do?
Apart from the fact that cheating in video games takes the fun out of playing and ruins the game for others, it’s also a potentially severe security risk. None of these cheat tools are created by trustworthy entities, none are digitally signed (so Anti-Virus warnings are bound to be ignored), and many are malware.
ASEC’s report contains a recent example, but that’s just a drop in the bucket of malicious download links under YouTube videos that promote free software of various types. The videos that promote these tools are often stolen from elsewhere and are re-posted from malicious users on newly created channels to act as bait. Even if the comments below these videos praise the uploader and claim the tool works as promised, they should not be trusted as these can easily be faked.
Always be wary of links in YouTube descriptions, if you’re unsure of where the link may lead, using Link Checkers can help you determine if something is sketchy or not.
Additional Cybersecurity Recommendations
Additionally, these recommendations below will help you and your business stay secure with the various threats you may face on a day-to-day basis. All of the suggestions listed below can be gained by hiring CyberHoot’s vCISO Program development services.
- Govern employees with policies and procedures. You need a password policy, an acceptable use policy, an information handling policy, and a written information security program (WISP) at a minimum.
- Train employees on how to spot and avoid phishing attacks. Adopt a Learning Management system like CyberHoot to teach employees the skills they need to be more confident, productive, and secure.
- Test employees with Phishing attacks to practice. CyberHoot’s Phish testing allows businesses to test employees with believable phishing attacks and put those that fail into remedial phish training.
- Deploy critical cybersecurity technology including two-factor authentication on all critical accounts. Enable email SPAM filtering, validate backups, deploy DNS protection, antivirus, and anti-malware on all your endpoints.
- In the modern Work-from-Home era, make sure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections, etc) or prohibiting their use entirely.
- If you haven’t had a risk assessment by a 3rd party in the last 2 years, you should have one now. Establishing a risk management framework in your organization is critical to addressing your most egregious risks with your finite time and money.
- Buy Cyber-Insurance to protect you in a catastrophic failure situation. Cyber-Insurance is no different than Car, Fire, Flood, or Life insurance. It’s there when you need it most.
All of these recommendations are built into CyberHoot the product or CyberHoot’s vCISO Services. With CyberHoot you can govern, train, assess, and test your employees. Visit CyberHoot.com and sign up for our services today. At the very least continue to learn by enrolling in our monthly Cybersecurity newsletters to stay on top of current cybersecurity updates.