
Cyberspy group targets PHL online gaming firm


An online gaming firm with operations in the Philippines was among the targets of a massive cyberespionage campaign, security vendor Kaspersky Lab said.
 
Kaspersky Lab said the campaign by a cybercriminal group calling itself "Winnti" targeted certain online gaming companies.
 
Target companies
 
"The Winnti team is targeting gaming companies located in various parts of the world but has a stronger focus on Southeast Asia. Among the countries that have been affected are the Philippines, India, Indonesia, China, Taiwan, Thailand, South Korea, Japan, Belarus, Germany, Russia, Brazil, Peru, and the United States," it said.
 
Kaspersky noted South Korean online gaming publisher LivePlex Corp. has operations in the Philippines.
 
It said “Winnti” had been "actively attacking" online video gaming companies since 2009, stealing digital certificates and source code of online game projects.
 
The group was first detected in 2011, when a malicious Trojan was detected on a large number of end-user computers worldwide and was accidentally installed in the machines of some online gamers.
 
"We are encouraging online gamers to exercise caution when using PCs for their online gaming activities. While most gamers use their own devices to play, there are still those who use Internet cafes for playing," said Jimmy Fong, Channel Sales Director for Kaspersky Lab in Southeast Asia.
 
"It is recommended that gamers check if the PCs they are using have the proper security applications installed and updated," he added.
 
Fong advised gamers to use legitimate software and have the latest updates to ensure cybercriminals cannot easily infiltrate their machines.
 
DLL trojan
 
Kaspersky said its analysis showed the Trojan is a DLL library that could work as a Remote Administration Tool (RAT) controlling the victims’ computers stealthily.
 
Worse, the malicious module had a valid digital signature that turned out to come from another online gaming company and was issued by Verisign.
 
The digital signature was eventually revoked.
 
Digital signature trail
 
Kaspersky cited a trail of compromised digital signatures from legitimate online gaming firms used by Winnti. Most were from South Korea.
 
Among the companies whose digital certificates were stolen were Korean firms ESTsoft Corp., Kog Co., MGAME Corp., Sesisoft, Wemade, and Neowiz.
 
Chinese firms Guangzhou YuanLuo and Fantasy Technology Corp., and Japanese game publishers YNK Japan and Rosso Index KK were also targeted.
 
These stolen signatures were distributed to other hacking groups for their use.
 
Moneymaking schemes
 
Kaspersky also found the group was involved in other illegal money-making schemes using their malware, including:
 
  • Manipulating the accumulation of in-game currency, such as “runes” or “gold” used by players, and converting this into real money.
  • Using the stolen source code from online game servers to search for vulnerabilities inside games to augment in-game currency without suspicion.
  • Using the stolen source code from servers of popular online games to deploy pirated servers.
 
— TJD, GMA News