Cyberattacks targeting gamers increasing in 2023

According to Kaspersky's research, video game users, who now account for almost half of the world's population, are increasingly being targeted by digital attacks. From July 2022 to July 2023, Kaspersky highlighted the growing number of vulnerabilities in video games. Cybercriminals have exploited this huge pool of potential victims to gain access to personal data, launching a range of threats either through DDoS attacks, cryptocurrency mining, or through complex Trojan or phishing campaigns.

In the period 1 July 2022 to 1 July 2023, Kaspersky solutions detected 4,076,530 attempts to download 30,684 files that appeared in the form of popular games, mods, cheats and other video game-related software. These attacks affected 192,456 users worldwide. These files - mainly classified as unwanted software and often classified as not-a-virus:Downloader (89.70%) - are not inherently dangerous but are capable of downloading various other programs, even malicious ones, onto the user's device. Adware (5.25%) and Trojans (2.39%) were also notable threats to desktop gamers.

Minecraft was the favorite target of cybercriminals, with the attack rate reaching 70.29%. During the period of the survey, attacks using Minecraft as bait involved 130,619 gamers worldwide. Roblox was the second most selected game title, with the attack rate reaching 20.37%, affecting a total of 30,367 users. The list of major games that were attacked was followed in order by Counter-Strike: Global Offensive (4.78%), PUBG (2.85%), Hogwarts Legacy (0.60%), DOTA 2 (0.45%) and League of Legends (0.31%).

Meanwhile, according to the Newzoo report, mobile game users on mobile devices number around three billion, almost 40% of the world's population, having become a tempting target for cybercriminals. Between 1 July 2022 and 1 July 2023, Kaspersky recorded 436,786 attempts to infect mobile devices, affecting 84,539 users.

Various game titles were used as bait to target users on mobile devices. Minecraft players were again the primary targets with the number of incidents reaching 80,128, representing 90.37%. Indonesian users in particular encountered various threats via Minecraft, resulting in a Trojan.AndroidOS.Pootel.a attack that secretly stored mobile subscriptions. The Islamic Republic of Iran saw the highest frequency of these attacks, where out of 140,482 attack incidents, 54,467 involved Minecraft players.

PUBG: Battlegrounds Battle Royale, at 5.09%, was the second most popular mobile game, with the majority of incidents involving users from the Russian Federation. Roblox (3.33%) ranked third in terms of detections, but second in terms of the number of affected users.

A notable discovery concerns the appearance of SpyNote, a spy Trojan distributed among Roblox users on the Android mobile phone platform under the guise of a mod. This Trojan displays various spying capabilities, such as keylogging, screen recording, video streaming from phone cameras, and the ability to impersonate Google and Facebook applications to trick users into sharing their passwords.

Phishing and malware distribution sites continue to pose a significant threat to players. Malicious and unwanted software is often disguised as popular games and spread through third-party websites offering unofficial versions. These deceptive sites usually display falsified downloads, potentially misleading users into a false sense of security. Nevertheless, the download usually leads to a file that may contain harmful or irrelevant data.

To stay safe while playing, Kaspersky recommends:

• It's safest to download your games only from official stores such as Steam, Apple App Store, Google Play or Amazon Appstore. Games from these marketplaces are not 100% safe, but at least they are checked by store representatives and there is some kind of verification process: not every app can be made available on these stores.
• If you want to buy a game that is not available through the official stores, buy it only from the official website. Carefully check the URL of the website and make sure it is authentic.
• Watch out for phishing campaigns and unknown gamers. Do not open links received via email or in a game chat unless you trust the sender. Do not open files you receive from strangers.
• Do not download unofficial software or any other illegal content, even if you are redirected to it from a legitimate website.
• A strong, reliable security solution will help you a lot, especially if it won't slow down your computer while you're playing, but at the same time it will protect you from all possible threats.
• Use a powerful security solution to protect yourself from malware and its activity on mobile devices.