The SpyNote Trojan, camouflaged as a mod for the game Roblox, has been observed targeting Android users.
This mobile malware can log keystrokes, record screens, stream video from phone cameras and impersonate Google and Facebook applications to deceive users into revealing their passwords.
These findings are part of Kaspersky’s latest report. The investigation, spanning from July 2022 to July 2023, exposes the vulnerabilities that cyber-criminals are actively exploiting within the gaming user base.
Their tactics encompass a range of attacks, including web vulnerabilities, Distributed Denial of Service (DDoS) assaults, cryptocurrency mining and intricate Trojan or phishing campaigns.
During this period, Kaspersky’s solutions identified 4,076,530 attempts to download 30,684 unique files disguised as popular games, mods, cheats and other game-related software. These attempts affected 192,456 users worldwide.
The files, predominantly classified as unwanted software, were labeled as not-a-virus. The most commonly identified were Downloaders (89.70%). While not inherently dangerous, they can download other programs, including malicious ones, onto users’ devices. Adware (5.25%) and Trojans (2.39%) were also significant threats to desktop gamers.
Minecraft emerged as the most targeted game by cyber-criminals, causing 70.29% of all alerts, affecting 130,619 players. Roblox was the second most targeted, with 20.37% of all alerts impacting 30,367 users.
Read more on SpyNote: SpyNote Android Spyware Strikes Financial Institutions
Additionally, Kaspersky documented 436,786 attempts to infect mobile devices, impacting 84,539 users during the same period. Once again, Minecraft players were the primary targets, accounting for 90.37% of attacks.
“In the dynamic gaming industry, which hosts a wealth of personal and financial data, cyber-criminals are seizing enticing opportunities. They exploit gaming accounts by pilfering in-game assets, virtual currency and selling compromised gaming accounts, often with real-world value,” said Vasily Kolesnikov, a cybersecurity expert at Kaspersky.
“The relentless pursuit of personal data has led to a surge in ransomware attacks, even affecting professional gamers who depend on uninterrupted play. This underscores the critical need for enhanced cybersecurity awareness within the gaming community.”
Kaspersky recommended individuals download games only from official stores, avoid downloading pirated software, be cautious of unfamiliar gamers and phishing campaigns, and use robust security solutions to protect themselves from cyber-threats.
Image credit: Diego Thomazini / Shutterstock.com