Hackers may be after your highly-ranked video game account, Latest Tech News - The New Paper
Tech

Hackers may be after your highly-ranked video game account

Hackers may be after your highly-ranked video game account
The attacks are part of a global wave linked to Russian-speaking groups.PHOTO: EPA-EFE
Osmond Chia
Dec 03, 2022 05:43 pm

Hackers who spread password-stealing malware have set their sights on gamers, trying to steal users’ credentials and online gamer profiles with high ratings, to sell.

The fraudsters plant links on popular online marketplaces or comments sections that, once opened, install malware that searches a browser for account credentials and sensitive information that is not encrypted.

The hacking is part of a global wave of attacks by 34 Russian-speaking groups that have stolen more than 50 million passwords linked to gaming services, e-commerce platforms and online banks in seven months this year. Of  these, 185,689 passwords were stolen from 2,179 devices that have installed the malware, said Singapore-based cybersecurity company Group-IB in a report published on Nov 23.

The firm, which specialises in cyber investigations, is a partner of international law enforcement organisations such as Interpol and a private-industry partner of the Singapore Police Force.

Some 1,420 local gaming account credentials for gaming platforms Steam, Epic Games and Roblox have been linked to this wave of hacking, Group-IB’s regional head of digital risk protection Ilia Rozhnov told The Straits Times on Thursday.

It is not clear how much money was lost, said Mr Rozhnov.

The letters were sent to recipients’ workplaces and warned of “threatening consequences” if they did not contact the e-mail addresses provided.
Singapore

Vivian Balakrishnan, Tan Wu Meng get letters with ‘distasteful’ photos

Related Stories

276 people under probe over scams totalling more than $7m

Man trafficked to scammers told to target S'poreans

More migrant domestic workers fell prey to scams in 2023

Users of these accounts may have been locked out of them or found that their accounts have been deleted, said Mr Rozhnov, adding that password theft in gaming services has seen a fivefold rise since 2021.

Account details for e-commerce platforms Amazon and Shopee, as well as payment platforms like PayPal, were also seized, he added.

The Group-IB team was alerted to the scam after it was notified about scammers recruiting via groups on messaging app Telegram.

An estimated 200 workers were tasked to distribute links with malware that steals data stored in browsers, such as gaming accounts, bank details and e-commerce credentials, said Mr Rozhnov.

One way these people have targeted gamers is by planting these links in the comments section of popular gaming tutorial channels on video hosting platform YouTube.

Gamers may be tricked into clicking these links, believing they may get upgrades for their characters or a helpful tip, said Mr Rozhnov.

He said: “The scammers are targeting people who are gamers, through specific videos of games. These (scam) links are attached to popular videos, and they look harmless. People might think it’s a patch for their game.”

Once installed, any information saved on an unencrypted system, like Google Chrome or other Internet browsers, is up for grabs.

The report said: “After a successful attack, the scammers either obtain money themselves using the stolen data, or they sell the stolen information in the cybercriminal underground.”

More On This Topic
Can you spot a scam? Find out how well you know 6 common scams in S'pore
When scammers target online gamers

Stolen video game accounts can go for hundreds of dollars, depending on the amount of in-game currency a player owns or the rarity of a player’s in-game possessions, like character skins. Bloomberg reported in 2020 that the underground economy for stolen game accounts generated $1 billion annually.

Though this would be inconvenient, Internet users should also refrain from saving passwords in browsers and regularly clear browser cookies, Mr Rozhnov said. Cookies can be deleted in the settings menu of a typical browser such as Google Chrome.

Executive director Andrew Shikiar from Fido Alliance, which sets standards for password-less authentication, said the average Internet user has many online accounts, but roughly half of them use a similar password.

He said: “As such, one set of stolen credentials may allow hackers access to users’ different accounts across websites and platforms.”

He urged users to enable possession-based authentication, such as two-factor authentication or biometrics, but added that organisations should start to adopt such standards too instead of passwords.

Dr Jiow Hee Jhee, a member of the Media Literacy Council, which advocates cyber wellness, said the council had not been alerted to cases of gamers being preyed on by fraudsters.

But he said he was not surprised as many eager gamers turn to forums to learn new approaches to a game and, in turn, may be exposed to dangerous links.

He also urged parents to be mindful of their children’s online activities.

More On This Topic
More children cheated in game scams; counsellors urge peer support and parental supervision
Facebook Gaming is overrun with strange videos and scams

Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now

SCAMSINTERNET CRIMES AND SCAMSGAMING/VIDEO GAMESparenting