A new wave of malware is making headlines for targeting video gamers, particularly those dabbling in cheating software, with a sinister twist: the theft of Bitcoin from unsuspecting victims.
A Stealthy Predator in the Gaming Realm
Vx-underground, a prominent malware information repository, has recently shed light on a malicious campaign that’s sweeping through the gaming community. This malware, still unnamed and operated by an unidentified threat actor, specifically preys on users of pay-to-cheat software in video games. Its primary method of attack is stealing login credentials and other sensitive information from its victims.
The scope of this attack is alarmingly vast: over 4.9 million accounts linked to Activision Blizzard users and its Battle.net game store have fallen prey, alongside accounts from Elite PVPers (a game-focused trading site) and the cheat software markets PhantomOverlay and UnknownCheats.
The Bitcoin Heist
Among the consequences of these attacks, the most startling is the crypto-draining activity reported by impacted users. Electrum Bitcoin wallets have been specifically targeted, though vx-underground notes that there are no details on the total amount of stolen funds. This incident marks a concerning evolution in the tactics employed by cybercriminals, merging the worlds of gaming and financial theft.
A Network of Deception
PhantomOverlay, one of the cheat software markets hit by this malware, has responded to the allegations of hacked accounts by suggesting that the figures might be exaggerated, describing over half of the logins in a viewed database as “invalid garbage.” Yet they acknowledge that the malware’s origin might be tied to software widely used among gamers, such as latency programs or VPNs, and describe this as the “largest infostealer malware campaign in gaming/cheating community history.”
Despite suspicions surrounding the malware’s source, proving the culprit’s identity remains a challenge, with the malware gang actively obscuring its tracks.
The Response from Activision Blizzard
Activision Blizzard, caught in the crossfire, has been proactive in its response. The company confirmed its awareness of the potential industry-wide credential compromise due to malware from unauthorized software downloads. They assure users that their servers “remain secure and uncompromised” and advise a password update as a precautionary measure.
PhantomOverlay’s encounter with fraudulent activity first came to light when user accounts started making unauthorized purchases, prompting immediate investigation and collaboration with Activision Blizzard to assist the millions of affected users.
This episode serves as a stark reminder of the risks associated with downloading and using unauthorized software, underscoring the importance of vigilance in the ever-evolving landscape of cyber threats.