Kaspersky Lab: Minecraft is still a big malware target

In its latest report, Kaspersky Lab has illuminated the cyber threats lurking in the shadows, preying upon the enthusiasts of computer gaming—a realm particularly alluring to fraudsters who employ various deceitful stratagems. Moreover, distinguishing between beneficial modifications and viruses in certain games is challenging, as both types of files are disseminated through dubious forums with links to publicly accessible hosting services.

However, cyber fraud is not always synonymous with the deployment of viruses. The study presents a plethora of instances of phishing websites designed to purloin gaming accounts and abscond with in-game currency or valuable items. The researchers have also compiled statistics detailing which games are most targeted by cybercriminals. Notably, Minecraft leads by a significant margin, followed by Roblox and CS:GO.

The investigation spanned cyberattacks associated with over ten popular games, gathering statistics from July 2022 through July 2023. During this period, over four million cyberattack attempts with a ‘gaming’ theme were detected. A significant majority of PC viruses were linked to Minecraft, accounting for over 70% of malware, while the gaming platform Roblox accounted for just over 20%, followed by Counter-Strike: Global Offensive with 4.78% and PlayerUnknown’s Battlegrounds at 2.85%.

On mobile devices, the prevalence of viruses masquerading as mods and other features for Minecraft was even higher, at over 90%. PUBG ranked second with 5.09%, followed by Roblox with 3.33%. Thus, Minecraft players face the highest risk of downloading viruses from the Internet. Games such as Hogwarts Legacy and League of Legends also carry certain risks.

Beyond mods and cheats for popular games, the internet is awash with sites offering free game downloads, where the likelihood of inadvertently acquiring malware instead of the game is also exceedingly high. Regardless of the type of data targeted, the majority of cases first involve downloading a loader, which could potentially deliver any malicious payload to the victim’s computer. It is safe to assert that an attempt will be made to steal any data that falls within reach.

Another prevalent form of fraud involves phishing sites that aim to steal a user’s account for a specific game or from a gaming platform. The fraudsters then pilfer in-game currency or items to sell them. They concoct various pretexts to solicit login credentials: it could be a bogus giveaway of in-game bonuses, gift cards, or early access to a sought-after game, such as the recently released Counter-Strike 2. On mobile devices, phishing sites may mimic the game’s interface, with the ultimate goal of not only stealing gaming accounts but also the victim’s social media accounts. Some websites sell games at half price, transactions which may culminate in the theft of all the funds from the card.

Kaspersky Lab’s advice is straightforward: whenever possible, purchase and download games from official stores or well-known distribution platforms. Avoid downloading pirated programs. Remember that games like Minecraft and Roblox are often targeted by attacks, partly because they are popular among children. For them, it is essential to create a safe environment to block suspicious files and web pages.