The video-game industry has turned out to be one of the greatest beneficiaries of the pandemic, as many people resorted to online gaming as their new hobby to escape the confines of their homes and transported themselves to expansive fantasy worlds by connecting with friends and family.
While the gaming industry has been expanding ever since at a rapid pace, it has also attracted a lot of bad threat actors who view it as a lucrative target to execute their crimes and spread malware.
According to a new report from security researchers at Kaspersky, Mojang Studios’ popular sandbox game, Minecraft, is the most severely targeted game title used by cybercriminals as bait with 23,239 files distributed using the Minecraft name affecting 131,005 users from July 2021 through June 2022.
However, the number of malicious and unwanted files related to Minecraft dropped by 36% compared to the previous year (36,336), and the number of affected users decreased by almost 30% year on year (184,887).
Besides Minecraft, Kaspersky also listed nine more games in terms of the number of related unique malicious and unwanted files distributed: FIFA (10,776), Roblox (8,903), Far Cry (8,736), Call of Duty (8,319), Need for Speed (7,569), Grand Theft Auto (7,125), Valorant (5,426), The Sims (5,005), and CS:GO (4,790).
“Over the course of last year, from July 1, 2021 through June 30, 2022, 91,984 files that included malware and potentially unwanted applications were distributed using the popular game titles as a lure, with 384,224 users encountering these threats globally,” the Kaspersky researchers wrote in a report.
The TOP 10 games by a number of unique users attacked using the game as a lure from July 1, 2021, to June 30, 2022, are:
| Name | Number of users |
| Minecraft | 131005 |
| Roblox | 38838 |
| Need for Speed | 32314 |
| Grand Theft Auto | 31752 |
| Call of Duty | 30401 |
| FIFA | 26832 |
| The Sims | 26319 |
| Far Cry | 18530 |
| CS:GO | 18031 |
| PUBG | 9553 |
Kaspersky also analyzed KSN data specifically on mobile threats for the period from July 1, 2021 through June 30, 2022. It shows that 31,581 mobile users were exposed to game-related malware and potentially unwanted software, while 5,976 mobile users were exposed to unique malicious and unwanted files.
Minecraft, Roblox, Grand Theft Auto (GTA), PUBG, and FIFA are among the games that ranked highest by a number of related threats and affected users.
| Name | Number of unique users |
| Minecraft | 26270 |
| Roblox | 1186 |
| Grand Theft Auto | 927 |
| PUBG | 666 |
| FIFA | 619 |
| Name | Number of unique files |
| Minecraft | 2406 |
| Grand Theft Auto | 948 |
| PUBG | 624 |
| Roblox | 612 |
| FIFA | 293 |
According to Kaspersky’s statistics, most malicious files targeting players are downloaders, which account for 88.56% of all detected infection cases. The security firm said that “this type of unsolicited software might not be dangerous in and of itself… it can be used for loading other threats onto devices.”
Other types of threats spread using the top game titles include not-a-virus:AdWare (4.19%), Trojan (2.99%), DangerousObject (0.86%), Trojan-SMS (0.49%), Trojan-Downloader (0.48%), not-a-virus:WebToolbar (0.47%), not-a-virus:RiskTool (0.45%), Exploit (0.34%), and Trojan-Spy (0.29%).
“The research revealed an increase in attacks using malicious software that steals sensitive data from infected devices,” Kaspersky added.
“It included such verdicts as Trojan-PSW (Password Stealing Ware) which gathers victims’ credentials, Trojan-Banker which steals payment data, and Trojan-GameThief which collects login information for gaming accounts. From July 1, 2021 through June 30, 2022, Kaspersky security solutions detected a total of 6,491 users affected by 3,705 unique malicious files of these types.”
Kaspersky revealed that they found several examples of phishing activity aimed at gaining users’ credentials or taking over gaming accounts – especially through social network login. For example, the cybercriminals created a fake website for Grand Theft Auto that launched an in-game money generator. To use it, users would be asked to log in with their gaming account. Once the credentials were shared, the threat actors got access to such sensitive information as gaming accounts, telephone number, and even banking details. Similar fraudulent techniques were also used for other games such as Apex Legends, CS:GO, PUBG, and Warface.
“The pandemic times greatly boosted the gaming industry, increasing the number of computer game fans several times over. Despite the fact that the number of users affected by gaming-related threats has dropped, certain gaming threats are still on the rise,” the report mentioned.
“We also analyzed which popular games were used as a lure by cybercriminals who distributed malware and unwanted software, and found that most often these were multiplayer gaming platforms, such as Minecraft and Roblox. Worryingly, the primary target audience for these games is children and teenagers, who have much less knowledge of cybersecurity due to a lack of experience.”
With the gaming industry growing more and more over the years, it is important to stay protected, and not lose money, credentials, or gaming account to cybercriminals.
In order to stay safe while gaming, Kaspersky recommends following the below precautions:
- Protect your accounts with two-factor authentication whenever possible.
- Use a unique, strong password for each of your accounts.
- Download your games from official stores like Steam, Apple App Store, Google Play, or Amazon Appstore only.
- Beware of phishing campaigns and unfamiliar gamers. Do not open links received by email or in a game chat unless you trust the sender.
- Carefully check the address of any website asking for your username and password, as it might be
- Avoid downloading cracked software or any other illegal content, even if you are redirected to it from a legitimate website.
- Keep your operating system and other software up to date. Updates can help address many security issues.
- Do not visit dubious websites when these are offered in search results and do not install anything they offer.
- Use a robust security solution to protect yourself from malicious software on mobile devices.
