
Public warned vs. malware hiding in official game installers


Cybercriminals are at it again, targeting gamers' personal data by sneaking their malware into even the legitimate installers of online games, a security vendor said.
 
Trend Micro noted the case of compromised official releases of online games like League of Legends (LoL), Path of Exile (PoE), and FIFA Online 3.
 
"Variants of the remote access Trojan (RAT) PlugX were found in the official releases of the three games, and appeared to target users based in certain countries in Asia," the company said.
 
It said players could get infected just by downloading the legitimate installer or updates for the game.
 
Along with the legitimate game launcher, users could be getting a dropper that installs the PlugX malware, and a “cleaner” that overwrites the compromised launcher with the legitimate one - likely to cover up the infection.
 
With PlugX installed, remote attackers can perform "malicious and data theft routines on a system without the user’s permission or authorization."
 
Trend Micro noted that while PlugX variants have targeted legitimate apps, one new trend is that this variant created its own autostart service.
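One way a defender can pick up the persistence behaviour described above is to review "service installed" records from the Windows System log and flag autostart services that are new to the host or run from outside trusted program directories. The script below is an added illustration, not Trend Micro's or Garena's code; the log lines, the baseline service list and the trusted directories are all constructed for the example.

```python
import re

# Constructed sample entries modelled on Windows System log "service installed"
# records (event ID 7045). These are NOT real logs from the Garena incident.
SAMPLE_LOG = """\
7045 ServiceName=Garena Updater ImagePath="C:\\Program Files\\Garena\\GarenaUpdater.exe" StartType=auto start
7045 ServiceName=Windows Update ImagePath=C:\\Windows\\System32\\svchost.exe -k netsvcs StartType=auto start
7045 ServiceName=NvSvc ImagePath="C:\\Users\\Public\\nvsvc\\nvsvc.exe" StartType=auto start
7045 ServiceName=TempScan ImagePath="C:\\Users\\alice\\AppData\\Local\\Temp\\scan.exe" StartType=demand start
"""

# Directories where legitimately installed service binaries are expected (constructed).
TRUSTED_DIRS = ("c:\\program files", "c:\\program files (x86)", "c:\\windows")
# Services already known on this host before the incident window (constructed).
BASELINE = {"windows update", "garena updater"}

LINE_RE = re.compile(
    r'^7045 ServiceName=(?P<name>.+?) ImagePath=(?P<path>"[^"]+"|\S+).*?StartType=(?P<start>.+)$'
)

def parse_7045(line):
    """Parse one constructed 7045-style line into name, image path and start type."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "name": m.group("name"),
        "path": m.group("path").strip('"'),   # drop quotes around paths with spaces
        "start": m.group("start").strip(),
    }

def flag_suspicious_services(log_text, baseline=BASELINE, trusted=TRUSTED_DIRS):
    """Return (name, path, reasons) for autostart services that are not in the
    baseline and/or whose binary lives outside the trusted directories."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_7045(line)
        if rec is None or rec["start"].lower() != "auto start":
            continue  # only persistence that survives a reboot is of interest here
        reasons = []
        if rec["name"].lower() not in baseline:
            reasons.append("not in baseline")
        if not rec["path"].lower().startswith(trusted):
            reasons.append("image outside trusted dirs")
        if reasons:
            findings.append((rec["name"], rec["path"], reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in flag_suspicious_services(SAMPLE_LOG):
        print(f"{name}: {path} ({', '.join(reasons)})")
```

A manual-start service such as the last sample line is deliberately ignored; the check is aimed at the self-registered autostart persistence the article describes, so in practice the baseline should be built from a known-clean image of the host.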
 
Compromised releases
 
Trend Micro said the compromised official releases were traced to Asia-based consumer Internet platform provider Garena, which partners with game developers including Riot Games, S2 Games, and Electronic Arts.
 
While Garena said its “computers and patch servers were infected with Trojans” and that the installation files for LoL and Path of Exile were infected, “further investigation by our engineers found that FIFA Online 3, another Garena release, was also compromised.”
 
Trend Micro also said its initial analysis showed the Taiwanese versions of the LoL and PoE installers were compromised, while FIFA Online 3 victims are mostly from Singapore.
 
"(W)e have also seen victims from other Asian (areas) such as Thailand, Malaysia, and Hong Kong. Analysis of the C&C activity shows that these countries are part of the top countries which accessed the C&C server," it said.
 
But it also noted the malicious activity declined after Garena released their official announcement. It added installers from Garena's website have been verified clean since Dec. 29. — Joel Locsin/TJD, GMA News