Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Hackers Repeatedly Targeting Financial Services in French-Speaking African Countries

The Hacker News - 8 Září, 2022 - 08:38
Major financial and insurance companies located in French-speaking nations in Africa have been targeted over the past two years as part of a persistent malicious campaign codenamed DangerousSavanna. Countries targeted include Ivory Coast, Morocco, Cameroon, Senegal, and Togo, with the spear-phishing attacks heavily focusing on Ivory Coast in recent months, Israeli cybersecurity firm Check Point Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group

The Hacker News - 8 Září, 2022 - 07:38
Microsoft's threat intelligence division on Wednesday assessed that a subgroup of the Iranian threat actor tracked as Phosphorus is conducting ransomware attacks as a "form of moonlighting" for personal gain. The tech giant, which is monitoring the activity cluster under the moniker DEV-0270 (aka Nemesis Kitten), said it's operated by a company that functions under the public aliases Secnerd andRavie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

Cisco Releases Security Patches for New Vulnerabilities Impacting Multiple Products

The Hacker News - 8 Září, 2022 - 05:48
Cisco on Wednesday rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month. Tracked as CVE-2022-28199 (CVSS score: 8.6), the vulnerability stems from a lack of proper error handling in DPDK's network stack, enabling a remote adversary to trigger a denial-of-service (Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

DEADBOLT ransomware rears its head again, attacks QNAP devices

Sophos Naked Security - 7 Září, 2022 - 20:57
NAS devices make it easy for anyone to add high-capacity file servers to their network. Guess why cybercrooks love NAS devices too...

Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks

The Hacker News - 7 Září, 2022 - 16:42
Former members of the Conti cybercrime cartel have been implicated in five different campaigns targeting Ukraine from April to August 2022. The findings, which come from Google's Threat Analysis Group (TAG), builds upon a prior report published in July 2022 detailing the continued cyber activity aimed at the Eastern European nation amid the ongoing Russo-Ukrainian war. "UAC-0098 is a threat Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

Authorities Shut Down WT1SHOP Site for Selling Stolen Credentials and Credit Cards

The Hacker News - 7 Září, 2022 - 14:56
An international law enforcement operation has resulted in the dismantling of WT1SHOP, an online criminal marketplace that specialized in the sales of stolen login credentials and other personal information. The seizure was orchestrated by Portuguese authorities, with the U.S. officials taking control of four domains used by the website: "wt1shop[.]net," "wt1store[.]cc," "wt1store[.]com," and "Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices

The Hacker News - 7 Září, 2022 - 14:38
A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints and IoT devices and deposit additional payloads. "An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist," AT&T Alien Labs said in a new report published Tuesday. The findings add to a Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns

The Hacker News - 7 Září, 2022 - 14:10
The prolific North Korean nation-state actor known as the Lazarus Group has been linked to a new remote access trojan called MagicRAT. The previously unknown piece of malware is said to have been deployed in victim networks that had been initially breached via successful exploitation of internet-facing VMware Horizon servers, Cisco Talos said in a report shared with The Hacker News. "While beingRavie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

4 Key Takeaways from "XDR is the Perfect Solution for SMEs" webinar

The Hacker News - 7 Září, 2022 - 14:00
Cyberattacks on large organizations dominate news headlines. So, you may be surprised to learn that small and medium enterprises (SMEs) are actually more frequent targets of cyberattacks. Many SMEs understand this risk firsthand.  In a recent survey, 58% of CISOs of SMEs said that their risk of attack was higher compared to enterprises. Yet, they don't have the same resources as enterprises – The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.com
Kategorie: Hacking & Security

Essential Guide to Securing Node.JS Applications

LinuxSecurity.com - 7 Září, 2022 - 13:00
Due to its ability to act as the backend server for web applications, Node.js is becoming a trendy platform these days. However, it becomes crucial to take into account Node.js security policies when it comes to the world of microservices.
Kategorie: Hacking & Security

Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities

The Hacker News - 7 Září, 2022 - 08:57
A variant of the Mirai botnet known as MooBot is co-opting vulnerable D-Link devices into an army of denial-of-service bots by taking advantage of multiple exploits. "If the devices are compromised, they will be fully controlled by attackers, who could utilize those devices to conduct further attacks such as distributed denial-of-service (DDoS) attacks," Palo Alto Networks Unit 42 said in a Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released

The Hacker News - 7 Září, 2022 - 07:28
Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices. Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models. Zyxel credited researcher Shaposhnikov Ilya for reporting the flaw. "A format string vulnerability was found in a Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

Nového teleskopu pro hledání asteroidů se jen tak nedočkáme. Kongres USA chce projekt odložit

Zive.cz - bezpečnost - 6 Září, 2022 - 19:45
Bidenova administrativa má v úmyslu odložit vypuštění infračerveného teleskopu, který by měl mj. pátrat po potenciálně zabijáckých asteroidech. Informoval o tom Bloomberg. Dotyčné zařízení by v důsledku tohoto rozhodnutí – jež nejmenovaný odborník na vesmírnou politiku označil za „nepochopitelné“ ...
Kategorie: Hacking & Security

Worok Hackers Target High-Profile Asian Companies and Governments

The Hacker News - 6 Září, 2022 - 14:29
High-profile companies and local governments located primarily in Asia are the subjects of targeted attacks by a previously undocumented espionage group dubbed Worok that has been active since late 2020. "Worok's toolset includes a C++ loader CLRLoad, a PowerShell backdoor PowHeartBeat, and a C# loader PNGLoad that uses steganography to extract hidden malicious payloads from PNG files," ESET Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks

The Hacker News - 6 Září, 2022 - 11:57
Cybersecurity researchers have offered fresh insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. "The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

Integrating Live Patching in SecDevOps Workflows

The Hacker News - 6 Září, 2022 - 10:57
SecDevOps is, just like DevOps, a transformational change that organizations undergo at some point during their lifetime. Just like many other big changes, SecDevOps is commonly adopted after a reality check of some kind: a big damaging cybersecurity incident, for example. A major security breach or, say, consistent problems in achieving development goals signals to organizations that the The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.com
Kategorie: Hacking & Security

Good game, well played: an overview of gaming-related cyberthreats in 2022

Kaspersky Securelist - 6 Září, 2022 - 10:18

The gaming industry went into full gear during the pandemic, as many people took up online gaming as their new hobby to escape the socially-distanced reality. Since then, the industry has never stopped growing. According to the analytical agency Newzoo, in 2022, the global gaming market will exceed $ 200 billion, with 3 billion players globally. Such an engaged, solvent and eager-to-win audience becomes a tidbit for cybercriminals, who always find ways to fool their victims. One of the most outstanding examples involves $2 million‘s worth of CS:GO skins stolen from a user’s account, which means that losses can get truly grave. Besides stealing personal credentials and funds, hackers can affect the performance of gaming computers, infecting these with unsolicited miner files.

In this report, we provide the latest statistics on cyberthreats to gamers, as well as detailed information on the most widespread and dangerous types of malware that players must be aware of.

Methodology

To assess the current landscape of gaming risks, we observed the most widespread PC game-related threats and statistics on miner attacks, threats masquerading as game cheats, stealers, and analyzed several most active malware families, giving them detailed in-depth characteristics. For these purposes, we analyzed threat statistics from Kaspersky Security Network (KSN), a system for processing anonymized cyberthreat-related data shared voluntarily by Kaspersky users, for the period between January 2021 and June 2022.

To limit the research scope, we analyzed several lists of most popular games and based on this, created a list of TOP 28 games and game series available for download or about to be released on the streaming platforms Origin and Steam, as well as platform-independent titles. To make the overview more in-depth, we included both mobile and PC games. Thus, we analyzed threats related to the following titles:

  1. Minecraft
  2. Roblox
  3. Need for Speed
  4. Grand Theft Auto
  5. Call of Duty
  6. FIFA
  7. The Sims
  8. Far Cry
  9. CS:GO
  10. PUBG
  11. Valorant
  12. Resident Evil
  13. Command & Conquer
  14. Hitman
  15. Total War
  16. Cyberpunk 2077
  17. Elden Ring
  18. Final Fantasy
  19. Halo
  20. Legend of Zelda
  21. League of Legends
  22. Dota 2
  23. Apex Legends
  24. World of Warcraft
  25. Gears of War
  26. Tomb Raider
  27. S.T.A.L.K.E.R.
  28. Warhammer

We used the titles of the games as keywords and ran these against our KSN telemetry to determine the prevalence of malicious files and unwanted software related to these games, as well as the number of users attacked by these files. Also, we tracked the number of fake cheat programs for the popular games listed above, and an amount of miners that dramatically affect the performance of gamers’ computers.

Additionally, we looked at the phishing activity around gaming, specifically that related to cybersports tournaments, bookmakers, gaming marketplaces, and gaming platforms, and found numerous examples of scams that target gamers and esports fans.

Key findings
  • The total number of users who encountered gaming-related malware and unwanted software from July 1, 2021 through June 30, 2022 was 384,224, with 91,984 files distributed under the guise of twenty-eight games or series of games;
  • The TOP 5 PC games or game series used as bait in the attacks targeting the largest number of users from July 1, 2021 to June 30, 2022 were Minecraft, Roblox, Need for Speed, Grand Theft Auto and Call of Duty;
  • The number of malicious and unwanted files related to Minecraft dropped by 36% compared to the previous year (23,239 against 36,336), and the number of affected users decreased by almost 30% year on year (131,005 against 184,887);
  • The TOP 5 mobile games that served as a lure targeting the largest number of users from July 1, 2021 to June 30, 2022 were Minecraft, Roblox, Grand Theft Auto, PUBG and FIFA;
  • In the first half of 2022, we observed a noticeable increase in the number of users attacked by programs that can steal secrets, with a 13% increase over the first half of 2021;
  • In the first half of 2022, attackers cranked up their efforts to spread Trojan-PSW: 77% of secret-stealing malware infection cases were linked to Trojan-PSW;
  • Malware and unwanted software distributed as cheat programs stand out as a particular threat to gamers’ security, especially for those who are keen on popular game series: from July 1, 2021 to June 30, 2022 we detected 3,154 unique files of this type that affected 13,689 users;
  • Miners pose an increasing threat to gamers’ productivity, with Far Cry, Roblox, Minecraft, Valorant, and FIFA topping the list of games and game series that were used as a lure for cyberthreats; 1,367 unique files and 3,374 users who encountered these files from July 1, 2021 to June 30, 2022.
Top game titles by number of related threats

Over the course of last year, from July 2021 through June 2022, 91,984 files that included malware and potentially unwanted applications were distributed using the popular game titles as a lure, with 384,224 users encountering these threats globally.

Continuing the trend observed in 2021, Minecraft, the famous sandbox game that has been one of the most-played titles around the world for more than a decade, took first place among the games most often used as bait, with 23,239 files distributed using the Minecraft name affecting 131,005 users from July 2021 through June 2022. However, the number of malicious and unwanted files related to Minecraft dropped by 36% compared to the previous year (36,336), and the number of affected users decreased by almost 30% year on year (184,887).

Roblox, too, entered the TOP 3 games both by number of related malicious or unwanted files (8,903) and affected users (38,838).

Other titles that were most often used as a lure were FIFA, Far Cry, and Call of Duty. A large number of users encountered threats while searching for content related to Need for Speed, GTA, and Call of Duty. These game series, too, have been winning the hearts of players around the world for years.

The TOP 10 games by number of related unique malicious and unwanted files:

Name Number of unique files* Minecraft 23239 FIFA 10776 Roblox 8903 Far Cry 8736 Call of Duty 8319 Need for Speed 7569 Grand Theft Auto 7125 Valorant 5426 The Sims 5005 CS:GO 4790

* Total number of detected files using game title, from July 1, 2021 to June, 30 2022

The TOP 10 games by number of unique users attacked using the game as a lure:

Name Number of users* Minecraft 131005 Roblox 38838 Need for Speed 32314 Grand Theft Auto 31752 Call of Duty 30401 FIFA 26832 The Sims 26319 Far Cry 18530 CS:GO 18031 PUBG 9553

Number of unique users affected by threats related to the game, from July 1, 2021 to June, 30 2022

As the mobile gaming market continues to grow, we analyzed KSN data specifically on mobile threats. For the period from July 1, 2021 through June 30, 2022, our telemetry shows that 31,581 mobile users were exposed to game-related malware and potentially unwanted software. The number of unique malicious and unwanted files discovered within the given period is 5,976. Minecraft, Roblox, Grand Theft Auto, PUBG, and FIFA are among the games that ranked highest by number of related threats and affected users.

Name Number of unique users Minecraft 26270 Roblox 1186 Grand Theft Auto 927 PUBG 666 FIFA 619

TOP 5 mobile games used as a lure for distribution of malware and unwanted software, by users, from July 1, 2021 through June, 30 2022

Name Number of unique files Minecraft 2406 Grand Theft Auto 948 PUBG 624 Roblox 612 FIFA 293

TOP 5 mobile games used as a lure for distribution of malware and unwanted software, by files, from July 1, 2021 through June, 30 2022

Cyberthreats using games as a lure

The overall landscape of threats that affect gamers has not changed much since last year. Still, downloaders (88.56%) top the list of malicious and unwanted software being spread using the names of popular games: this type of unsolicited software might not be dangerous in and of itself, but it can be used for loading other threats onto devices. Adware (4.19%) comes second: this type of software displays unwanted (and sometimes irritating) pop-up ads which can appear on a user’s computer or mobile device.

The share of various Trojans that use popular games as a lure remains solid, with Trojan-SMS, Trojan-Downloader, and Trojan-Spy among the TOP 10 threats.

Threat Infection cases, % not-a-virus:Downloader 88.56 not-a-virus:AdWare 4.19 Trojan 2.99 DangerousObject 0.86 Trojan-SMS 0.49 Trojan-Downloader 0.48 not-a-virus:WebToolbar 0.47 not-a-virus:RiskTool 0.45 Exploit 0.34 Trojan-Spy 0.29

TOP 10 threats distributed worldwide under the guise of popular games, July 1, 2021 through June 30, 2022

Game over: cybercriminals targeting gamers’ accounts and money

When downloading the games from untrustworthy sources, players may receive malicious software that can gather sensitive data like login information or passwords from the victim’s device; and in an attempt to download a desired game for free, find a cool mod or cheat, gamers can actually lose their accounts or even money. The research revealed an increase in attacks using malicious software that steals sensitive data from infected devices. It included such verdicts as Trojan-PSW (Password Stealing Ware) which gathers victims’ credentials, Trojan-Banker which steals payment data, and Trojan-GameThief which collects login information for gaming accounts. From July 1, 2021 through June 30, 2022, Kaspersky security solutions detected a total of 6,491 users affected by 3,705 unique malicious files of these types. In the first half of 2022, we observed a noticeable year-on-year increase in the number of users attacked: 13 percent against the first half of 2021 (2,867 vs 2,533). The number of unique files used to attack users also increased in the first half of 2022 by nearly a quarter, compared to the first half of 2021: from 1,530 to 1,868.

From July 1, 2021 through June 30, 2022, 77% of various data stealer infection cases were Trojan-PSW infections. Another 22% of infection attempts were related to Trojan-Bankers, and Trojan-GameThief files accounted for just 1% of cases.

Types of malicious software that steals sensitive data from infected devices, distributed worldwide using popular game titles as a lure, July 1, 2021 through June 30, 2022 (download)

The TOP 3 threat families, stealing data from the infected devices, by number of attacked users from July 1, 2021 through June 30, 2022:

  • Trojan-PSW.MSIL.Reline/RedLine

    RedLine Stealer is a password-stealing software that cybercriminals can buy on hacker forums for a very low price. From July 1, 2021 through June 30, 2022 2,362 unique users were attacked by RedLine, spread by using popular game titles and series as a lure, which makes it the most active data-stealing malware family for the period given. Once executed on the attacked system, RedLine Stealer collects system information, including device user names, the operating system type, and information about the hardware, installed browsers, and antivirus solutions. Its main stealer functionality  involves extracting data such as passwords, cookies, card details, and autofill data from browsers, cryptocurrency wallet secrets, credentials for VPN services, etc. The stolen information is then sent to a remote C&C server controlled by the attackers, who later drain victims’ accounts.

    The RedLine code specifies that, depending on the configuration the malicious software can steal passwords from browsers, cryptocurrency wallet data, and VPN client passwords

  • Trojan-PSW.Win32.Convagent and Trojan-PSW.Win32.Stealer

    Both of these verdicts are generic verdicts for various families of malicious software that collect, analyze, and steal data from victims’ infected devices. From July 1, 2021 through June 30, 2022, 1,126 unique users encountered Convagent and 1,024 users encountered Stealer.

Most often, players get malicious software, stealing sensitive data, on their devices when trying to download a popular game from a third-grade website instead of buying it on the official one. For example, under the guise of a number of cracked popular games, attackers spread the Swarez dropper, which we analyzed in detail in our previous gaming-related threats report. Swarez was distributed inside a ZIP archive which contained a password-protected ZIP file and a text document with a password. Launching the malware resulted in decryption and activation of a Trojan-stealer dubbed Taurus. The latter had a wide range of functions: it could steal cookies, saved passwords, autofill data for browser forms and cryptocurrency wallet data, collect system information, steal .txt files from the desktop and make screenshots.

Attackers often purposely seek to spread threats under the guise of games and game series that either have a huge permanent audience (such as Roblox, FIFA, or Minecraft) or were recently released. We found that from July 1, 2021 through June 30, 2022, the TOP 5 game titles that cybercriminals used as a lure to distribute secret-stealing software included Valorant, Roblox, FIFA, Minecraft, and Far Cry.

Name Number of unique users affected Valorant 1777 Roblox 1733 FIFA 843 Minecraft 708 Far Cry 389

TOP 5 game titles used by cybercriminals to lure users into downloading malicious software, stealing secrets from infected devices, from July 1, 2021 through June 30, 2022

Risky money: how to lose instead of gaining

One of the most widespread cyberthreats gamers are exposed to is phishing, a social engineering scheme where an attacker masquerades as a legal and trustworthy entity to encourage the user to give out sensitive data, such as account credentials or financial information.

For the period from July 1st 2021 through June 30th 2022, Kaspersky security solutions detected 3,116,782 attacks connected to phishing activities in online games. One of the key findings in this segment was connected to the attacks aimed at gaining users’ credentials or taking over gaming accounts – especially through social network login.

For instance, we found several examples of phishing activity of this type targeting Grand Theft Auto Online gamers: the cybercriminals created a fake website that launched an in-game money generator. To use it, you have to login with your gaming account. Once the credentials are shared, the cybercrooks get access to such sensitive information as gaming account, telephone number, and even banking details.

A fraudulent money generator offered to GTA Online players

Offering easy in-game money to achieve phishers’ malicious goals was a noticeable trend in the previous reporting period and remains one. By mimicking Apex Legends, a multiplayer free-to-play hero shooter, scammers created a fake website that invited gamers to take part in a lottery to win in-game coins. To try their luck, players were asked to share their game credentials. Once the username or player ID alongside with password were entered, the account was taken over by the scammers.

The Fake Apex Legends website that invited players to take part in a giveaway of in-game coins. Once the player typed in their username and password, scammers got access to his account

This year, cybercriminals have learned to mimic the entire interfaces of the in-game stores for many popular game titles. The most notable examples include fake marketplaces launched under the names of CS:GO, PUBG and Warface, which are popular esports disciplines. To achieve better results, players need a decent arsenal of weapons and artifacts that are available in the in-game stores. The scammers created fraudulent stores by copying the appearance of the actual in-game marketplaces to fool players, with the final aim of taking over their accounts or stealing their money.

Fake CS:GO in-game stores created by cybercriminals

Scammers create fake in-game store mimicking the PUBG mobile interface. The scheme encourages users to log in using their social media credentials

Unsolicited mining: programs that ruin the gaming experience

Miners are programs that may adversely affect a computer’s productivity. Once a miner file is launched on an affected computer, it starts using the machine’s energy to mine cryptocurrency. When it comes to unsolicited miners that interfere with users’ operating systems against their will, the situation might get even worse – especially for gamers who value the computer’s productivity above all.

According to our analysis, Far Cry, a gaming series that spans 18 years and six editions, proved to be the most popular title among unsolicited miners – both in terms of affected users (1,050) and unique malicious files (510). Other games that make the perfect bait for miners include Minecraft with 406 unique files and Valorant with 93 files. Overall, from July 1st 2021 through June 30th 2022, we managed to detect 1,367 unique mining files which affected 3,374 users. That said, the number of users affected by miners halved in H1 2022 (1002) compared to H1 2021 (2086), which may be linked to the sharp drop in the bitcoin exchange rate. Interestingly, the number of unique miner files rose by 30% in H1 2022 (497) compared to H1 2021 (383).

Under the guise of one of the biggest novelties of 2022, cybercriminals have also distributed malware related to miners. The fantasy role-playing game Elden Ring was used as a lure by cybercriminals who spread OpenSUpdater. OpenSUpdater is a Trojan that pretends to be a cracked version of a game, and, once installed, downloads and installs various unwanted programs and miners to the victim’s device.

The OpenSUpdater campaign only targets users from certain countries, so if the user’s IP address does not satisfy the regional requirements of the distribution server, clean software will be downloaded, e.g., the 7zip archive manager. Less fortunate users will receive an installer that delivers various payloads, including legitimate software, potentially unwanted applications, and miners. Infection chain consists of two stages. At the first stage, a malicious downloader is installed. The code of this downloader is updated by threat actors several times a week by using various obfuscation and anti-emulation techniques. The main purpose of these changes is to complicate threat investigation and detection. The second stage is the installer itself.

Cheating in games, or being cheated?

Every gamer aims for the best performance and results – even when they are not competing for a precious trophy. This explains why cheating will never go out of style. However, some of the cheats can bring more harm than good.

What exactly are cheats? When we talk about cheats, we refer to the programs that help gamers create an advantage beyond the available capabilities by applying special cheat codes or installing software that allows sideways. Cybercriminals try to fool gamers by creating fake cheat programs which, instead of providing advantages, negatively affect computers’ performance or even steal player’s data.

From July 1st 2021 through June 30th 2022, we detected 3,154 unique files distributed as cheat programs for the most popular game titles, with a total of 13,689 users affected. The vast majority of the files mimicking cheat programs were related to Counter Strike: Global Offense (418), Roblox and Valorant (332 files for both), and Total War (284). At the same time, Need for Speed came first by number of unique users exposed to this type of threats (3,256) – this series of games has not lost in its broad popularity after several decades and generations.

Conclusion and Recommendations

The pandemic times greatly boosted the gaming industry, increasing the number of computer game fans several times over.

Despite the fact that the number of users affected by gaming-related threats has dropped, certain gaming threats are still on the rise. Over the past year, we have seen an increase in cybercriminal activity around stealers, which allow attackers to steal bank card data, credentials, and even crypto wallets data from infected devices. In the first half of 2022, we observed a noticeable increase in the number of users attacked by stealers, with a 13 percent increase over the first half of 2021.

We also analyzed which popular games were used as a lure by cybercriminals who distributed malware and unwanted software, and found that most often these were multiplayer gaming platforms, such as Minecraft and Roblox. Worryingly, the primary target audience for these games is children and teenagers, who have much less knowledge of cybersecurity due to a lack of experience. Because of this, we assume that they could become an easy prey for cybercriminals, which means we need to pay special attention to cybersecurity hygiene training for kids.

Traditionally, we have found a lot of different examples of phishing tools spread by cybercriminals to get access to gaming accounts, in-game items or money. Cybercriminals mostly created phishing pages that mimicked the appearance of the games whose users they were targeting. For example, we observed fake in-game stores for PUBG and CS:GO.

Over the years, the gaming industry has grown more and more, and we expect to see new ways of abusing users next year, e.g. by exploiting the theme of esports, which are now gaining popularity around the world. That is why it is so important to stay protected, so you do not lose your money, credentials, or gaming account, which you have built over the years.

Here is what we recommend to stay safe while gaming.

  • Protect your accounts with two-factor authentication whenever possible. At least comb through account settings if you cannot.
  • Use a unique, strong password for each of your accounts. Should one of your passwords get leaked, the rest of your accounts would remain safe.
  • You will benefit greatly from a robust security solution that will protect you from every possible cyberthreat without interfering with your computer’s performance while you are playing.  Kaspersky Total Security plays nicely with Steam and other gaming services.
  • Download your games from official stores like Steam, Apple App Store, Google Play, or Amazon Appstore only. While not 100 % safe, games from these stores undergo a screening process, which makes sure that a random app cannot be published.
  • If your desired title is not available from the official store, purchase it from the official website only. Double-check the URL of the website to make sure it is authentic.
  • Avoid buying the first thing that pops up. Even during Steam’s summer sale, make sure you read a few reviews before forking out the dough for a little-known title. If something is fishy, other people will have figured it out.
  • Beware of phishing campaigns and unfamiliar gamers. Do not open links received by email or in a game chat unless you trust the sender. Do not open files from strangers.
  • Carefully check the address of any website asking for your username and password, as it might be fake.
  • Avoid downloading cracked software or any other illegal content, even if you are redirected to it from a legitimate website.
  • Keep your operating system and other software up to date. Updates can help address many security issues.
  • Do not visit dubious websites when these are offered in search results and do not install anything they offer.
  • Use a robust security solution to protect yourself from malicious software on mobile devices, such as Kaspersky Internet Security for Android.

New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security

The Hacker News - 6 Září, 2022 - 08:47
A new phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication (2FA) protections employed against online services. "EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication – proxifying victim's session," Resecurity researchers said in a Monday Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

Researchers Find New Android Spyware Campaign Targeting Uyghur Community

The Hacker News - 6 Září, 2022 - 07:18
A previously undocumented strain of Android spyware with extensive information gathering capabilities has been found disguised as a book likely designed to target the Uyghur community in China. The malware comes under the guise of a book titled "The China Freedom Trap," a biography written by the exiled Uyghur leader Dolkun Isa. "In light of the ongoing conflict between the Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

QNAP Warns of New DeadBolt Ransomware Attacks Exploiting Photo Station Flaw

The Hacker News - 6 Září, 2022 - 05:11
QNAP has issued a new advisory urging users of its network-attached storage (NAS) devices to upgrade to the latest version of Photo Station following yet another wave of DeadBolt ransomware attacks in the wild by exploiting a zero-day flaw in the software. The Taiwanese company said it detected the attacks on September 3 and that "the campaign appears to target QNAP NAS devices running Photo Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security
Syndikovat obsah