Microsoft is tracking a widespread click fraud scam that targets gamers and is silently deployed on compromised systems. The company's cybersecurity division is monitoring the DEV-0796 threat cluster as it evolves.
Microsoft Security Intelligence said in a tweet:
"The attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices."
Attack chains launched by the attacker start with an ISO file that is downloaded onto a victim’s computer when they click on a malicious YouTube ad or comment. The node-webkit (also known as NW.js) or malicious browser extension is installed when the ISO file is opened.
Click fraud campaign using misdirection
Notably, the ISO file masquerades as exploits and cheats for the first-person shooter game Krunker. Cheats are software tools that give users an advantage over other players beyond what the game's rules allow.
The click fraud attack also involves the use of DMG files, which are Apple disk image files usually used to deliver software on macOS, showing that the attackers are targeting many operating systems.
The malware was discovered as Kaspersky disclosed information on a new campaign that lured cheat-seeking gamers on YouTube into downloading self-replicating software that may set up cryptominers and carry out data theft.
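A defender triaging a downloads folder can flag the two container types named above by content rather than by file extension. This is an added example, not code from Microsoft or Kaspersky; the sample files and their names are constructed, and the checks rely on the ISO 9660 "CD001" signature and the "koly" trailer that ends Apple UDIF disk images.

```python
import os
import tempfile
from pathlib import Path

ISO_MAGIC_OFFSET = 0x8001   # "CD001" sits 1 byte into sector 16 (16 * 2048)
DMG_TRAILER_SIZE = 512      # UDIF images end with a 512-byte "koly" trailer


def classify_image(path):
    """Return 'iso', 'dmg' or None based on file content, not extension."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        if size >= ISO_MAGIC_OFFSET + 5:
            fh.seek(ISO_MAGIC_OFFSET)
            if fh.read(5) == b"CD001":
                return "iso"
        if size >= DMG_TRAILER_SIZE:
            fh.seek(size - DMG_TRAILER_SIZE)
            if fh.read(4) == b"koly":
                return "dmg"
    return None


def scan_downloads(root):
    """Map each disk image found under root to its detected type."""
    hits = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            kind = classify_image(p)
            if kind:
                hits[p.name] = kind
    return hits


def build_sample_dir():
    """Constructed sample files; the names are made up for this example."""
    root = Path(tempfile.mkdtemp())
    iso = bytearray(0x8800)
    iso[0x8000] = 1                       # primary volume descriptor type
    iso[0x8001:0x8006] = b"CD001"
    (root / "game_cheat.zip").write_bytes(bytes(iso))   # ISO behind another extension
    (root / "installer.dat").write_bytes(b"\0" * 1024 + b"koly" + b"\0" * 508)
    (root / "notes.txt").write_bytes(b"plain text, not an image")
    return root


if __name__ == "__main__":
    for name, kind in scan_downloads(build_sample_dir()).items():
        print(f"{name}: {kind} disk image")
```

Pointing `scan_downloads` at a real downloads directory gives a quick list of disk images to review, including ones saved under another extension.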
According to a recent report by a Russian cybersecurity company:
"Malware and unwanted software distributed as cheat programs stand out as a particular threat to gamers' security, especially for those who are keen on popular game series."
According to Kaspersky, 77% of the cases of various data stealer outbreaks from July 1, 2021, to June 30, 2022, were Trojan-PSW attacks. Another 22% of infection attempts involved Trojan-Bankers, while only 1% involved Trojan-GameThief files.
Kaspersky discovered 3,154 different files downloaded as cheat programs for the most popular gaming titles between July 1 and June 30 of 2022, affecting a total of 13,689 people. Files connected to Roblox and Valorant (332 files), Total War (284), and Counter-Strike: Global Offensive made up the bulk of the files that mimicked cheat tools.
Recommendations
The pandemic period had a positive impact on the gaming business and doubled the number of gamers. Although fewer people have been attacked by gaming-related threats, many of these attacks are still increasing.
The gaming business has grown continuously over the years, and analysts predict that next year will bring new opportunities for user abuse, such as taking advantage of the growing global popularity of esports. To avoid losing your money, login information, or gaming account, it is important to be protected.
For each of your accounts, use a different, secure password. The rest of your accounts would be protected even if one of your passwords were compromised. Two-factor authentication should be used to protect your accounts whenever possible. If you cannot, at least check the account preferences.
Only get your games from official stores like Steam, Apple, Google Play, or Amazon Appstore. Games from these stores go through a screening procedure intended to keep unsafe games from being published, although it is not 100% safe.
Be wary of unknown players and phishing scams. If you do not know the sender of an email or of a message in a gaming chat, do not click on any links it may include. Do not open files received from unknown sources.
Even if you are redirected to a valid website, avoid downloading pirated software or any other unwanted content. If suspicious websites appear in search results, avoid visiting them and don't download anything they might suggest.
Update to the latest stable versions of your operating system and other applications. Many security vulnerabilities may be resolved with the help of updates.