Video game users, who today represent almost half of the world’s population, are the target of digital attacks. From July 2022 to July 2023, Kaspersky highlighted the growing number of vulnerabilities in video games.

Cybercriminals have taken advantage of this huge pool of potential victimsin order to acquire access to personal dataunleashing a series of threats either through DDoS attacks, through cryptocurrency mining, or through complex Trojan or phishing campaigns.

According to SEPE (Association of Informatics & Communications Enterprises of Greece), in the period July 1, 2022 to July 1, 2023, Kaspersky solutions detected 4,076,530 attempts to download 30,684 files, which appeared in the form of popular games, mods, cheats and other software, related to video games. These attacks affected 192,456 users worldwide.

These files – which are mostly classified as unwanted software and are often labeled as not-a-virus:Downloader (89.70%) – are not inherently dangerous, but are capable of downloading various other programs, even malicious ones, onto the user’s device. The adware (5.25%) and the Trojans (2.39%) were also notable threats to desktop gamers.

Favorite goals

Minecraft has been a favorite target of cybercriminalswith the percentage of attacks reaching 70.29%. During the research period, the attacks, which used Minecraft as bait, involved 130,619 gamers worldwide.

Roblox was the second most selected game titlewith the percentage of attacks reaching 20.37% affecting a total of 30,367 users. In the list of major games that were attacked, followed by Counter-Strike: Global Offensive (4.78%), PUBG (2.85%), Hogwarts Legacy (0.60%), DOTA 2 (0.45%) and League of Legends (0.31%).

Mobile games are a tempting target

At the same time, according to the Newzoo report, the game users on mobile devices number around three billion, i.e. almost 40% of the world’s population, having become a tempting target for cybercriminals. Between 1 July 2022 and 1 July 2023, Kaspersky recorded 436,786 attempts to infect mobile devices, affecting 84,539 users.

Various game titles were used as bait to target users on mobile devices. His players Minecraft were again the primary targets, with the number of incidents reaching 80,128, which corresponds to 90.37%.

Especially users from Indonesia faced various threats through Minecraft, resulting in a Trojan.AndroidOS.Pootel.a attack, which secretly stored mobile subscriptions. The Islamic Republic of Iran saw the highest frequency of these attacks, where of the 140,482 incidents of attacks, 54,467 involved Minecraft players.

The PUBG: Battlegrounds Battle Royale, with 5.09%, was the second mobile game, with the majority of incidents involving users from the Russian Federation. Roblox (3.33%) ranked third in detections, but second in number of affected users.

A remarkable discovery concerns the display of SpyNote, a spyware Trojan, distributed among Roblox users on the Android mobile phone platform, under the guise of a mod. This Trojan displays various spying capabilities, including keylogging, screen recording, video streaming from phone cameras, and the ability to impersonate Google and Facebook apps to trick users into sharing their passwords.

Phishing and fake product distribution pages continue to pose a significant threat to players. Malware and unwanted software are often disguised as popular games and spread through third-party websites that offer unofficial versions.

These deceptive pages usually appear falsified downloads, potentially lulling users into a false sense of security. However, the download usually leads to a file, which may contain harmful or irrelevant content.