The video game market, with its 3.2 billion gamers around the world, attracts businesses of all stripes. Computer hardware built specifically for gamers no longer surprises anyone, and things stopped there long ago: some companies make gaming furniture, others make gaming drinks. It is no surprise at all that cybercriminals have not stood aside either.
Gamers are a passionate crowd, so they are often not hard to catch with a well-crafted piece of social engineering. Sometimes it is enough to promise an Android version of a game that is unavailable in the official store, or simply free games. Add to that the piracy, cheats, and account black markets that exist in the gaming world, and you get a huge space of opportunity for attackers.
Once again, a hunt for gamers has been declared: attackers are distributing the RedLine stealer Trojan under the guise of game cheats and are after accounts, card numbers, and anything else of value.
Watch on YouTube: a trojan disguised as a cheat
The latest find by Kaspersky Lab researchers, described in detail in a report on Securelist, is tied to cheats. Attackers posted YouTube videos that supposedly explain how to use cheats in popular online games: Rust, FIFA 22, DayZ, and a couple of dozen others. The videos look quite convincing and ask for the steps that cheat-using gamers are well used to: follow the link in the description, download a self-extracting archive, and of course run it.
If the download fails, the caring video authors recommend disabling Windows SmartScreen, the filter that protects Microsoft Edge users from phishing and malicious sites. Oddly, they show no such care in pointing out that the result of all these actions is several pieces of malware installed on the user's computer at once.
First, the unlucky cheater gets the RedLine stealer Trojan, which steals almost anything of value from the computer, first of all passwords saved in browsers. RedLine can also execute commands on the machine and download and install other programs on it, so if it cannot handle some malicious task by itself, it can "call in friends."
Second, RedLine comes bundled with a miner that mines cryptocurrency on the victim's computer for the attackers. Gaming computers are a logical target for unwanted miners because they usually have powerful video cards, which is exactly the hardware cryptocurrency mining runs on.
How a user can pay for cheats
Real cheats can get you banned by the game's creators. But a user who downloads and installs a fake cheat can end up with far bigger problems.
First, RedLine Stealer, installed under the guise of a cheat, tries to steal everything valuable from the computer, namely:
- account passwords;
- card numbers;
- session cookies that allow you to log into accounts without passwords;
- crypto wallet keys;
- correspondence from messengers.
Second, the crypto-miner bundled with RedLine adds the following special effects:
- slow computer;
- increased wear of the video card;
- high electricity bills.
The user also risks paying with their good name, and here is why. RedLine does one more interesting thing: the Trojan receives videos from its command and control server and uploads them to the victim's own YouTube channel on their behalf. These are the same videos about cheats, with exactly the same description: download the archive, run it, and of course the whole cycle starts again with the next victim. In this way the Trojan spreads on its own, acquiring more and more "users".
Incidentally, RedLine distributors had used somewhat similar techniques before, trying to pass off the malware installer as a Windows 11 upgrade or as an installer for Discord, the messenger popular among gamers.
How to stay safe
We cannot help but start with the obvious: do not download cheats. Aside from being unethical, it simply cannot be safe. Cheats violate the user agreement with the game's developer, which puts them in a gray zone by default, so they will never be distributed through secure official channels. And when downloading something from unofficial, unverified sources, the chance of running into malware is always much higher.
We also recommend enabling two-factor authentication wherever possible. Then, even if some malware gets onto your computer and steals the passwords to important accounts, attackers will not be able to use them.
Better yet, use protection tools and never disable them: both the filter in the browser and your main security solution. Since cheats have a lot in common with malware even functionally, antiviruses often refuse to let them install, which is why cheat developers suggest that users disable their antivirus. Never do this: as soon as you turn off the protection, you are left without any insurance.
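The two protections the article mentions, the SmartScreen filter the fake-cheat videos tell victims to turn off and the main security solution, can be audited rather than taken on trust. The following PowerShell script is an added example, not part of the original article or of any Kaspersky tool; it reads the documented Windows SmartScreen registry settings and the Microsoft Defender status, and the per-user Edge toggle under HKCU is an assumption that may be absent on some builds.

```powershell
# Added audit script (not from the article). Reports whether the protections the
# article says never to disable - Windows SmartScreen, Edge SmartScreen and the
# Defender real-time scanner - are currently on. Run in an elevated PowerShell
# session on Windows 10/11. The HKCU Edge toggle path is an assumption.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value missing: treated as "not set"
}

$findings = @()

# 1. Windows SmartScreen for downloaded apps and files (the filter victims are told to disable)
$shell = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' 'SmartScreenEnabled'
if ($shell -eq 'Off') { $findings += 'Windows SmartScreen (apps and files) is OFF' }

# Group Policy override, if one is configured
$policy = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' 'EnableSmartScreen'
if ($policy -eq 0) { $findings += 'Windows SmartScreen disabled by policy (EnableSmartScreen=0)' }

# 2. Microsoft Edge SmartScreen: policy value first, then the per-user toggle (assumed path)
$edgePolicy = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Edge' 'SmartScreenEnabled'
$edgeUser   = Get-RegValue 'HKCU:\Software\Microsoft\Edge' 'SmartScreenEnabled'
if ($edgePolicy -eq 0 -or ($null -eq $edgePolicy -and $edgeUser -eq 0)) {
    $findings += 'Microsoft Edge SmartScreen is OFF'
}

# 3. Microsoft Defender real-time protection (the "main security solution" on a stock Windows PC)
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $mp = Get-MpComputerStatus
    if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Defender real-time protection is OFF' }
    if (-not $mp.AntivirusEnabled)          { $findings += 'Defender antivirus engine is disabled' }
} else {
    $findings += 'Defender cmdlets unavailable (third-party AV or Defender not installed): check that product instead'
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: SmartScreen and real-time protection are enabled.'
} else {
    Write-Warning ('Protection gaps found:' + [Environment]::NewLine + ($findings -join [Environment]::NewLine))
}
```

Any line reported as OFF means the machine is in exactly the state the fake-cheat videos ask for, and the setting should be turned back on before anything downloaded from an unofficial source is opened.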
So that's the review. It took me a decent amount of time, and if you liked it, subscribe to my tg: a lot of interesting things come out there every day =)