How Do Hackers Infect Gamers with Viruses?

One way to attack gamers is to spread computer Trojans. Attackers can send private messages with links to phishing websites on behalf of the owner of the stolen account.

These messages can include information about the online contest led by the developer of the game to participate in which you need to register on a third-party website, or ads that promote cheating software that is actually full of viruses. Naive gamers who are not yet experienced in the recognition of fraudsters are easily deceived by such tricks.

Attacks on Twitch users

Twitch users, for example, can be sent proposals to participate in the lottery. Victims are invited to win digital weapons and collector's items to use in CounterStrike: Global Offensive.

Regular Twitch visitors see tons of similar promotions on daily basis. They click without fear to be infected and fraudsters take advantage of this situation.

Once the malicious software gets access to the Steam or other platform account, the Trojan installed on the gaming computer secretly takes screenshots, adds new friends, buys items, independently sends and accepts sales offers. After inventory theft takes places, this inventory appears on various online forums with a significant discount - up to 35%.

Twitch became one of the most popular streaming platforms for gamers, allowing fans of online broadcasts to earn during their streams. Many streamers were able to get fans legitimately, but some easy-money-lovers decided to use botnet services and increase the number of subscribers in not so legimative way.

An example of a malicious program aimed at attacking the Steam platform

If cyber criminals wish to target Steam wallets, phishing is also used to gain access to the wallet.

In August 2014, Steam platform users started to write messages saying that they suddenly lost valuable game items and resources. The culprit of all these virtual thefts was the Trojan called Trojan.SteamBurglar.1.

The malicious program was sent by attackers via messages in Steam chat and also on specialized gamers’ forums. Players were invited to see screenshots of virtual weapons or other goods allegedly offered for sale or exchange. All these offers were shown by Trojan.SteamBurglar.1 to the user of the infected computer.

At the same time, the Trojan itself allocated the steam.exe process in computer memory, extracted information about the game objects, identified the most valuable items, and then stole those items for the purpose of resale. The stolen items were sent to one of the accounts belonging to the attackers.

The ability to create game servers by the players also allows attackers to create fake servers and distribute malware through them.

Hackers can also create malicious copies of the pages of games in the Steam catalog. Cloned pages copy the design of authentic game pages completely. When visiting a fake game page, the user is then redirected to the download website controlled by hackers that installs malware.

The further attack scenario depends on virus writers’ goals. Recent attacks feature malicious programs called ransomware.

Watch out for ransomware

Ransomware is the biggest security problem at the moment. These programs encrypt user data and require ransom in return of decryption keys.

Ransomware Trojans can encrypt files belonging to most popular games such as World of Tanks, Call of Duty, World of Warcraft, Minecraft, League of Legends, and many other.

Such Trojans can enter the system through spam, as a link in Skype of other messengers, they can be downloaded from the infected website or brought on an infected USB flash drive.

The infection itself is invisible and runs in the background. It is not detected until the files on the computer are encrypted and a message with hackers’ demands is displayed on the screen.

It is very hard to restore data files without those keys as hackers use military grade encryption systems like AES and RSA. But hackers are also people and they often make mistakes in their code. Security researchers were able to find flaws in many ransomware viruses and create decryptors.