From Cheating to Thievery: EvolvedAim’s Creator Exposed as Malware Distributor
The developer of EvolvedAim, a popular cheat for the game Escape From Tarkov, recently found himself at the center of a major scandal. It was discovered that, alongside his paid subscription cheat, the enterprising programmer was secretly distributing malware that stole user information.
Escape From Tarkov is a hardcore military simulator that attracts the attention of both honest players and cheaters. The EvolvedAim program offers users numerous features, such as automated trading and skill training. The developer, known as Mythical, ran his business quite successfully for some time, advertising on forums and using a subscription system for access to his product. However, his business idyll recently came to an end.
The story of the cheat’s inception began when Mythical started collaborating with the owner of a major Tarkov cheat forum. For a year, both parties enjoyed steady income. However, a conflict arose when Mythical decided to reduce the forum’s profit share. Subsequently, forum representatives noticed suspicious login attempts on their accounts and leaks of desktop screenshots. Piecing the facts together, they concluded that Mythical had embedded malicious software in his product to steal data.
Cheat-related fraud in online games is not uncommon, but in this case, the consequences were far more severe than a permanent ban. Since EvolvedAim was primarily used by adult users, the stolen information from their devices could easily be exploited by hackers to access personal resources and corporate data of the companies where these dishonest gamers worked.
A technical analysis of EvolvedAim conducted by experts from CyberArk revealed that the cheat was written in Python 3.10 and converted into an executable file using the PyInstaller library. Using various tools for code extraction and decompilation, it was discovered that EvolvedAim contained malicious code operating in parallel with the cheat’s main functions.
Upon launching, EvolvedAim requested a license key, but user information immediately began transmitted to the perpetrators. The malware, disguised as benign processes, collected passwords and cookies from popular browsers. It also stole files from the MetaMask crypto wallet and took desktop screenshots. The gathered data was then sent to Mega.nz and notified the perpetrators via Discord.
The situation was exacerbated by the fact that many EvolvedAim users intentionally disabled antivirus software or added the cheat process to exceptions, knowing that any software interfering with other programs would trigger protective responses. Thus, dishonest players had no chance of saving their data.
When Mythical’s deceit was uncovered, the cheat developer was banned from all gaming forums he had collaborated with. Preliminary estimates indicate that just over a thousand people fell victim to the perpetrator. EvolvedAim is no longer operational, its Discord server is closed, and the developer has ceased his activities.
This case demonstrates that using cheats can have serious repercussions. Users not only pay for access to the cheat but also risk losing their data, simultaneously endangering the corporate resources to which they have access.
