As computer gaming companies rush to get their latest products onto the market, this haste may be providing a serious cybersecurity vulnerability.
Prior to launching the next great computer game hit, online gaming companies have a choice—release their games on all platforms simultaneously, or release them in dribs and drabs as the development work is completed. The first option inevitably results in a delay in the ultimate launch date as all platforms must be ready, tried, and tested before launch. The second option will bring in welcomed revenue, but it will leave many millions of players waiting in line before their version is available. This option also opens a number of online gaming risks that cybercriminals can exploit.
The first vulnerability involves leveraging the eagerness with which those gamers denied an early version release will desperately attempt to play a game. This involves trawling around the Internet, visiting gaming and torrent sites looking for early game samples, or even full editions of a game that has not yet been released. One of most popular locations for game seekers is YouTube where unfulfilled gamers can see samples of the new game on platforms that are officially available to play. And it is on those websites and YouTube channels that the cybercriminals spring their traps. URL links to websites promising downloads of as-yet-to-be-released games are sprinkled liberally around these popular gamer watering holes. But danger is not far away, and many of those links lead to sites containing malware that gamers download to their mobile devices thereby inserting malicious code onto their mobile phones and tablets. One of the most popular vehicles to persuade gamers to download viruses is by offering innocent-looking questionnaires, where the ultimate teaser is a free download of the elusive game itself.
The second vulnerability that raises mobile gaming risks is the use of fake bonus items. For example, the big hit of 2018 is called Fortnite, a shoot-‘em-up, kill-everyone-in-sight, Hunger Games lookalike. To date, even though it has only been released on the iPhone, this game has been downloaded over 125 million times. This has provided plenty of latitude to offer “in-game goodies” such as extra weapons and fancy outfits that normally only offer cosmetic value to the players. With such a number of downloads already in circulation, it doesn’t take much to imagine downloads exceeding the 650 million achieved by Pokemon Go, in 2017, once the Android version is available.
One fake site offered Fortnite fans “V-bucks” with which they could purchase in-game bonuses that enable them to progress quickly in the game. Again, the hackers enticed naïve players into clicking on the malware links by asking them to complete an online survey with the offer of V-bucks as a reward. This specific fake app was downloaded 5,000 times before the alert was issued and it was removed by Google Security. However, this mitigation was launched after 5,000 devices had been infected with potentially damaging malware, which significantly raised the cybersecurity vulnerability.
The malicious code downloaded to mobile devices has been put to varied use including accessing data on mobile devices to utilizing mobile CPUs for illegal cryptomining. Many infiltrations do not necessarily damage the target devices, but they can certainly impact the users’ security. In addition, surreptitious cryptomining overclocks the target device resulting in excessive heat and possible damage to mobile device, as well as battery drain and decreased performance.
The key message for online gamers is never to attempt to download game versions until they are officially released – there is a 99% chance that you will download malware to your device. ONLY download games, patches, and updates from official app stores (Google Play and Apple Store).
CSPs are advised to deploy Allot’s NetworkSecure, which provides full network security protection against malware attacks on mobile devices attached to the network. Click <here> to read an Allot Threat Bulletin on the Cyber Risks of Online Gaming.
Need a defense against attacks on online gamers? Allot can help—Contact Allot.