This malware helps hackers get the personal details of gamers, including credit/debit card details, account passwords and other in-game items like personal skins, exclusive weapons and digital currency. This virus has managed to infiltrate 28 popular video games, including Roblox, FIFA, PUBG, Minecraft, and others. The security firm suspects most of the initial attacks happened between July 2021 and June 2022, with almost 400,000 users affected by the breach.
This is despite the fact that the malware was already known since as early as March 2020. The main problem lies with tracking the initial infection. It is pretty dormant until it has proper control of the system. Once the account is infected, it then initiates other stealth downloads that introduce more malware into the targeted system.
Finally, it starts tracking your keystrokes and taking screenshots of various accounts. This way, it can easily steal passwords and credentials from browsers, FTP clients, and desktop messengers. What makes it even more dangerous is that it can be easily bought on the dark web, with little hope of tracking the transaction. This means that in most cases, it isn't even the actual developers of the malware that are executing the attacks.
Such was the case in these recent attacks, where hackers got the virus and then created fake pages for popular video game and their in-game stores, where they would lure innocent gamers to log in through their social media profiles. Then they would piggyback to other accounts. If you actually were to conduct a transaction on these fake sites, they would automatically get all your card details without even breaching your account. Similar exploits were run on people who were looking to pirate games or download other bootleg items off the internet.
This is a form of social engineering that is being used to hack people from all walks of life who just want to play games and have some fun. While the police in various jurisdictions try to catch these elusive hackers, it is our responsibility as gamers to verify every potential login, download or transaction you are about to do online. As it could easily make you another number in this growing statistic.