Do you like playing Minecraft, Among Us, Battlefield, The Sims, PUBG, or other popular games? Do you download modpacks often or are you trying to save and install hacked games on sites that distribute warez – stolen unlicensed software? Well, your security may be at risk.
You may even find that your computer is involved in a DDoS attack. How exactly this can happen, and what other cyber threats gamers are exposed to, will be described below.
Let’s start with DDoS
We remind you that DDoS is an abbreviation of “distributed denial of service”, i.e. “distributed denial of service” in relation to a website or other resource. Attackers direct large amounts of traffic to the target resource, overloading it. Thus, the web resource loses the ability to process requests from its real customers. The term “distributed” means that the attack is carried out from many sources that can be located anywhere in the world.
For example, everybody knows that within the last few months, the number of DDoS attacks on Russian websites has increased thanks to the work of our Ukrainian cyber troops. Initially, our specialists were forced to repel cyber attacks by Russian hackers, but from the beginning of the active phase of the war, they went on the offensive, successfully attacking Russian online resources.
The Ukrainian Cyberarmy consists of IT specialists who consciously volunteer their time and computer resources to complete tasks. But in the fraudulent segment, it is very common to attack at the expense of users who are unaware of it.
A gamer may unexpectedly become a participant of a DDoS attack, both as a victim and as an attacker:
On one hand, the player themselves can be attacked by competitors in the game. It is a common practice to eliminate the enemy during an important raid in the game. To avoid this threat, it is enough to use a VPN.
On the other hand, a gamer can become an unintentional attacker by downloading a malware program to their desktop.
How does malicious software end up on the victim’s device
Under the guise of a game, fashion, or other product associated with the game, the gamer can download malicious software – Trojans. Trojans are usually divided into droppers and downloaders.
Droppers (the ones that are dropped or do “the load”) – these are Trojans that already contain malicious software and only upload it to the victim’s device as soon as they install themselves on it.
Downloaders (the ones that are downloaded) – malicious programs that, after installation, follow a specified link to download fraudulent software to the victim’s device.
What malicious actions can be performed by fraudulent programs
- Carry out DDoS attacks. Such affected computers, which are the performers of DDoS attacks without the owner’s knowledge, are called “zombies”.
- Cryptocurrency mining. Because gamers usually have very powerful equipment, a large load from mining can be invisible at first. Until one day you see a significant increase in electricity consumption.
- Any harmful actions that interfere with the work of your device: delete, block, modify or copy data and otherwise disable your computer.
- Stealer is a malicious program that steals information (logins and passwords, credit card information, crypto wallets, emails, and system information). Famous stylists are Raccoon, RedLine Stealer, Hunter information stealer, Mars Stealer.
- Banker is a stealer who steals bank data.
- SMS-trojans are malicious programs that send expensive text messages from the victim’s phone.
- Adware is malicious software that displays advertisements.
Where exactly a gamer can pick up malicious software
- On forums, torrents, and other resources for downloading unlicensed software.
- Unofficial resources for game distribution.
- Even in official markets – App Store, Google Play Market, Steam, etc. pay attention not only to the total number of the rating but also to individual reviews. High scores can be set by paid bots. But you should be aware if, along with five stars, you come across frustrated units from real users with feedback that the program is doing nothing.
- Following the links from the letters and in gaming chats.
- On phishing sites (fake sites, which completely copy the original): attackers often forge official game websites as well as game tournament sites.
How can a gamer protect themselves online
- Use two-factor authentication to protect your accounts.
- Set strong and unique passwords for each account.
- Use antivirus on all your devices as it will be able to recognize the downloaded Trojan in time and neutralize it.
- Do not download games from forums and other online resources for unlicensed and hacked programs.
- In official markets, carefully read the reviews of the games and be able to distinguish the comment of the paid bot from the feedback of the real user.
- Use VPN when downloading any files and programs from file-sharing sites. VPN will hide your IP address and browser history.
- Check what permissions you grant to the application during download. Do not give unnecessary permission, which is not required for the claimed operation of the application.
Special mention should be made of Swatting – when the perpetrator calls the physical address of the victim, which they learned from Internet sources, representatives of official bodies: police, firefighters, special forces, and ambulance. To calculate the physical whereabouts, attackers can use the victim’s IP address, as well as social engineering, and collect information that is available from open sources.
Therefore, to protect yourself from swatting, do not use your real name in gaming accounts, do not share personal information about yourself in private and group gaming chats, and use VPN to hide your location.