Pierluigi Paganini April 17, 2013

Security worldwide community is alarmed by the explosion of number of cyber threats that are becoming even more sophisticated and are exploring new channel to infect a larger number of machines for various purposes, from cyber espionage to the realization of complex fraud.

Antivirus company AVG has published an interesting study on games hacks that are responsible for the diffusion of malware, the firm warns that over 90% of hacked or cracked games downloaded via file-sharing sites are infected with malicious code.

Malware authors exploit the habit of players to download the ‘hacks’ for their favorite game, typically to gather a pirated copy. The AVG security team analyzed scores of the hacks and cracks found through Metasearch services such as FilesTube and FileCrop discovering the impressive infection rate, the report states;

“Even if we assume that just 0.1% of the gamers playing the top five titles go looking for a hack – a highly conservative estimate – that means 330,000 people are potentially at risk of falling victim to game hack malware, which could lead to the loss of any legitimate, paid-for gaming assets, as well as sensitive personal data such as bank details and email or social media passwords.”

The costs to sustain is often too high for youngster and passionate players that prefer to acquire free pirated ‘cracked’ games, license key generators (keygens) and game hacks such as patches and cheats.  Of course these applications represent a profitable business fir cybercrime that finds a way to spread malware without special efforts, the players infect themselves.

Official IT world suffers double loss, the loss of earnings for the gaming industry and the costs relating to the spread of malware.

“This could lead to the loss of any legitimate, paid-for gaming assets, as well as sensitive personal data such as bank details and email or social media passwords.”

The methodology followed by researcher is simple as efficient, they performed a series of searches for popular game Diablo 3 hacks obtaining more than 40 hacks.

“In a quick test, AVG’s researchers searched FileCrop for a Diablo 3 hack, one of the most popular ‘swords and sorcery’ games on the market. The FileCrop search result listed more than 40 hacks, all temptingly titled to encourage users looking for the greatest in-game rewards and benefits. For the biggest titles, such as World of Warcraft or Minecraft, a similar FileCrop search reveals hundreds of hacks.”

Unpacking the download file the AVG researcher detected malicious code hidden in the application downloaded.

The study concluded suggesting to gamer best practices to follow to prevent infection:

• DO NOT download cracks, hacks, trainers or unofficial patches.
• DO download patches only from the official game provider’s website.
• DO vary your login details. Use different usernames and passwords for every game account, even in game forums.

Pierluigi Paganini

(Security Affairs – Malware)