Game hackers take advantage of ECQ to steal passwords


    INTENSIVE use of online gaming platforms during the enhanced community quarantine also gave rise to cybercriminals attacking people using their devices for entertainment.

    But what can cybercriminals gain from attacking gaming platforms? Gaming is a multi-million dollar industry with an equal number of users. Utilizing various types of malware, mostly Trojans, to profit from gamers, hackers know that the first stage to an intrusion is stealing users’ account data from popular gaming platforms such as, Origin and Uplay, in order to resell it afterwards.

    Security expert Kaspersky reviewed threats targeting major gaming platforms and found at least four malware specimens that are capable of stealing information. However, these Trojans are not just looking to affect gameplay but important financing details which are more profitable.

    Kaspersky analyzed the password stealer landscape to see how vulnerable users could be. Threat analysis presented four malware families – Kpot, BetaBot, Okasidis and Thief Stealer, which all carry an interesting Trojan specimen.

    Password stealers are a type of Trojan malware, designed to steal account data – from gaming session tokens or login details, to nearly any information saved on a computer. This can include cookie files, login credentials and passwords saved on a browser, along with a lot more. In some instances, stealing gaming details is just one of the malware’s functions, and online banking passwords are also of interest.

    All the observed Trojans are virtually unnoticeable to users. In all cases they do not demand any extra permissions or send fake alerts and just quietly steal data. It is important to note that these Trojans do not exploit any platform vulnerabilities, as they purely focus on gathering data from an infected device.

    “There are numerous gaming-focused threats out there, from fake files and compromised modes resold on the web, through to phishing pages. However, if a user is aware of these threats, they can take steps to protect themselves from harm. Unfortunately, this is not the case with password stealers, as it is hard for a user to spot them. This means that gamers need to be proactive in keeping themselves safe and always take extra precautions, as well as using a reliable security solution to prevent their computer from becoming infected,” comments Alexander Eremin, Kaspersky security analyst.

    Protecting gaming accounts from malware including password stealers, does not need expensive solutions. Kaspersky recommends the following; setting up two-factor authentication, download gaming modifications only from trusted sources, use a reliable security solution which will be able to identify stealers and stop them from stealing data; keeping any security solution on in the background while playing a game.

    Some security solutions, such as Kaspersky Security Cloud, have a special gaming mode, which reduces the load on the computer during playing time and does not affect the quality of the gaming experience.