Cybercriminals are increasingly targeting online gamers with password-stealing malware, according to the latest advice from a leading antivirus firm.
Russian cybersecurity giant Kaspersky urges gamers to learn about and defend against information-stealing Trojans that go after usernames, passwords and session tokens. (A Trojan is malware that masquerades as a benign file or application so that you'll open or install it.)
In a recent posting to its security blog, Kaspersky said it's fairly well known that cybercriminals target the world’s most popular online gaming service, Steam.
“But there are many other platforms out there, such as Battle.net, Origin, Uplay, and the Epic Games Store,” said Kaspersky. “They all have multimillion-dollar audiences, so naturally, attackers are interested, and stealers exist for them, too.”
Trojans mainly distributed via email
Password stealers aren’t a new form of malware. They're similar to banking Trojans, and cybercriminals often use them to purloin account information, cookies and other files stored on infected devices. However, cyber crooks are increasingly targeting gaming accounts.
Kaspersky explained in its blog post that hackers can gain access to accounts using a variety of methods:
“For example, take Trojan stealer Kpot (aka Trojan-PSW.Win32.Kpot). It is distributed mainly through email spam with attachments that use vulnerabilities (for example, in Microsoft Office) to download the actual malware onto the computer.
“Next, the stealer transfers information about programs installed on the computer to the command-and-control server and waits for commands to proceed. Among the possible commands are ones to steal cookies, Telegram and Skype accounts, and much more.”
People playing titles from games developer Blizzard, in particular, should beware of these threats, according to Kaspersky. Malware can steal files with the .config extension from the %APPDATA%\Battle.net folder, which belongs to Blizzard’s own game-launcher app.
“Among other things, these files contain the player’s session token — that is, the cybercriminals don’t get the actual username and password, but they can use the token to pretend to be the user.”
World of Warcraft and Diablo 3 at risk
After crooks gain access, Kaspersky warns, they can make money by selling in-game items, for example in World of Warcraft or Diablo 3.
Ubisoft’s game launcher app, Uplay, is being targeted by a form of malware called Okasidis, Kaspersky said. Meanwhile, Uplay, Origin, and Battle.net are being targeted by BetaBot malware.
Speaking about the latter, Kaspersky said: “In all three cases, the user is unlikely to notice anything — the Trojan doesn’t reveal itself in any way on the computer, doesn’t display any windows with requests, but simply steals files and/or data on the sly.”
How to foil password-stealers
To protect against Trojans, Kaspersky recommends that users implement two-factor authentication, avoid downloading mods from suspicious sites, invest in security and keep antivirus software turned on while gaming. (Many antivirus programs have "game modes" to put scans and interruptions on hold.)