clock menu more-arrow no yes mobile

Filed under:

These are the biggest cyber threats to online gamers

Kaspersky Lab does a lot of work.

The company, which was founded in Russia in 1997, maintains a global network of offices and analysts. Its internal figures cite 300 million users worldwide using its technology to protect against attacks and viruses.

Alongside its antivirus software, Kaspersky also tracks threats. According to its data, video game software has increasingly become a target of attacks during the last several years. A Kaspersky report published in December 2013 identified 11.7 million attacks on gamers in 2013.

In the wake of that report, Polygon spoke with Christian Funk, a senior virus analyst at Kaspersky Lab about its research and the single biggest threat to gamers in 2013.

The first threat and motivations

Kaspersky identified its first gaming-focused Trojan horse more than 10 years ago. The Trojan variety of malware is designed to look like one thing to trick users into installing it, after which it typically gathers or steals information.

"We've seen the first Trojan targeting online games appearing back in 2002," Funk told Polygon. "It was named Trojan-PSW.Win32.Lmir and targeted an online role-playing game called Legend of Mir and was harvesting the username and password that was sent to the malware authors via email."

The source code leaked for that malware, creating a sort of snowball effect and copycat code applied to other games. According to Funk, the basic premise of gaming malware has remained relatively constant, though the "finesse" of the code has changed.

"The main goal of gaming malware hasn't really changed since then. It's still about hijacking gaming accounts via stealing the users' login credentials, the methods and technical finesse how this goal is accomplished by modern malware, however, has changed dramatically. It has become much more sophisticated."

The number of attacks Kaspersky identified continues to increase, though it has slowed in the last few years after an "explosive" period from 2008-2011. The motivations remain unchained, Funk told us.

"The main motivation behind the attacks is the financial profit. This is also why especially online role-playing games are the main target. The generation of value is in the time and effort behind the leveling of the characters and especially in finding rare and highly sought after in-game items. Gamers are often willing to spend real money for virtual goods, since it's a hobby after all. One aspect why some cyber criminals are into the gaming underground business is that it's simply less risky. In contrast to credit card and online banking fraud, no gamer will file a charge because a level 85 paladin got lost."


According to Funk, the biggest single threat in 2013 was Winnti, whose developers he characterized as running "a highly sophisticated and ongoing espionage campaign."

"The Winnti group has been attacking companies in the online video game industry since 2009 and is currently still active," Funk said. "The group's objectives are stealing digital certificates signed by legitimate software vendors in addition to intellectual property theft, including the source code of online game projects."

Kaspersky detailed Winnti in an exhaustive 95-page report (PDF link) published in April 2013, using research that dates back as far as 2011. Research into Winnti is still ongoing, and Kaspersky's Winnti FAQ posted in April 2013 explains its worldwide reach.

"The majority of the victims are software development companies, most of which are producing online video games from South East Asia," the report reads. "We have counted 35 unique compromised businesses over the last year and a half. From the other side we revealed 227 domain names created by the attackers and used as Command & Control servers in different campaigns."

Next-gen consoles and future attacks

Funk addressed the possibility that nefarious code could make its way onto next-gen consoles in a mid-December 2013 article. Although no malware or viruses have been discovered, the PlayStation 4 and Xbox One's connected nature, particularly to social networks, and ability to install apps could be ways for nefarious software to intrude.

"All this offers a new playground for malware types like ransomware, which could lock up the console until a ransom is paid," he wrote, "Trojans that steal personal information stored on the device (login credentials to the online account or credit card information) or abuse the hardware performance to mine bitcoins, as seen on PCs."

As far as what gamers can do to protect themselves from the threat of malware and viruses, Funk's advice is fairly standard and requires users to be suspicious of certain requests.

"Users should especially be alerted, when they see emails which were allegedly sent by a gaming company and invite them to follow a link to enter personal data or login credentials," he said.

The other standard advice may not be what gamers focused on performance want to hear, though there are options.

"An effective spam filter and antivirus solution against malware are also highly recommended. Many gamers go without them to avoid loss of performance and lags in the Internet connection, but some solutions offer a special gaming mode which don't have these drawbacks and still keep the machine protected. In our products this is accomplished by pausing scheduled full scans and updates. Active processes however are still being checked."

Sign up for the newsletter Sign up for Patch Notes

A weekly roundup of the best things from Polygon