Gamers have long used cheat codes to enhance their performance in video games. But buyer beware — hackers have recently been lacing malware in video game cheat codes that could allow attackers to hack victims’ microphones or web cameras, according to Cisco Talos research published Wednesday.
The campaign, which appears to have targeted video game players and PC modders, features malware hidden in seemingly legitimate files that users can download to run game patches, tweaks or modding tools.
The malware hackers have used in this campaign, XtremeRAT, can capture audio or video through victims’ microphones or web cameras, take screenshots, upload and download files or log keystrokes.
The victims involved in this campaign have generally accessed the booby-trapped downloads from YouTube videos about game cheats or social media forums about specific games of interest, Cisco Talos said.
“This goes to show how dangerous it is to install random software from questionable sources,” the researchers wrote in a blog.
Even gamers on alert for nefarious code aren’t safe. The Talos researchers point out that the hackers behind the operation worked to conceal their malicious intent by using a VisualBasic-based cryptor, meant to obfuscate the malware. The attackers also worked to make their campaign impervious to anti-malware tools, the researchers said.
It is not clear who exactly the perpetrators of this latest campaign are — the Talos researchers don’t venture a guess — but hackers have used XtremeRAT in both espionage and cybercrime campaigns alike, according to FireEye research.
Video game cheat codes have proven a prudent target for illicit profits. Chinese police and Tencent worked together earlier this week to bust a video game cheat ring that was making some $76 million in revenue for selling cheats to popular video games such as Call of Duty Mobile or Overwatch, according to the BBC.
Attackers frequently pry into video games to hack players. A hacking team in Asia was recently caught compromising the update mechanism for some video games that run on PCs and Macs in order to run surveillance on gamers in Taiwan, Hong Kong and Sri Lanka, according to ESET research. Last year hackers targeted Valorant players with malware in an attempt to steal their usernames and passwords, according to Sophos research.
Other campaigns that have targeted gamers recently include adware targeted at Minecraft players.