We already know the destructive capabilities of ransomware, a type of malicious software that locks access to files or to the system itself until a ransom is paid. Within this malware category, TeslaCrypt stands out because it was designed to encrypt game-play data for dozens of video games, prompting the user to pay a ransom to decrypt those files. Targeting some well-known games, including Call of Duty and Minecraft, TeslaCrypt blocks access to saved games, configuration files or in-game items.
If we take a look at the chart below, which shows the number of TeslaCrypt detections by ESET security products during 2016, we see that most observed activity was in March, reaching over half a million cases.
Just as there are types of spyware called keyloggers, which capture keyboard events and try to steal access credentials, there are also pieces of malicious code that attempt to steal access credentials for online games or platforms, such as Steam or Origin.
This type of malware relies heavily on social engineering, or deceit, to infect its victims. One of the most popular scams is when a player – the victim – receives a chat message from another player inviting him to join his team. This unknown player is usually very friendly and praises the victim for his gaming skills, telling him that he should join this team of great players.
At some point, the victim is prompted to download and install an application – for example, a voice communication program. The attacker insists that the victim cannot become part of the team without that application. And of course, the downloaded executable is not really a chat client, but malicious software capable of stealing account credentials.
Fake game cracks are another social engineering technique, regardless of the kind of threat that ends up being installed. The deceit in this case is that the victim thinks he is only installing a crack, when in fact the file contains malware, and sometimes it is not even capable of bypassing the game's protections, as it claims to do.
To give you a concrete example, last month I found an alleged FIFA 16 crack online on the EA servers. It was offered via a Mediafire download link. Once downloaded, we noticed the file name, fifa16crack (SHA1: 39fb3bdd0a4424eb8bb0489309f6d42d79cee1ce), and the icon used to fool players:
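The sample above is identified by its SHA-1 hash, which is the simplest indicator a defender can act on. The following is an added example, not code from the original post or from ESET: it hashes a downloaded file in chunks, compares the digest against the SHA-1 reported above, and adds a small filename heuristic (an assumption of this example, not something the post describes) that flags executables carrying "crack"-style names or a decoy extension such as `.jpg.exe`. The `demo()` function writes a harmless, constructed placeholder file named `fifa16crack.exe` into a temporary directory so the check can be run offline; it is not the real sample and will not match the known hash.

```python
"""Hash-based IoC check plus a simple filename heuristic for "crack"-style lures."""
import hashlib
import os
import tempfile

# SHA-1 of the fifa16crack sample reported in the ESET post above.
KNOWN_BAD_SHA1 = {
    "39fb3bdd0a4424eb8bb0489309f6d42d79cee1ce",
}

# Heuristic (an assumption of this example, not from the post): words that
# commonly appear in lure filenames, and extensions that actually execute on Windows.
LURE_WORDS = ("crack", "keygen", "hack", "cheat", "trainer")
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}
DECOY_EXTENSIONS = {".jpg", ".png", ".txt", ".pdf", ".mp3", ".zip"}


def sha1_hex(data: bytes) -> str:
    """Return the lowercase hex SHA-1 of an in-memory byte string."""
    return hashlib.sha1(data).hexdigest()


def sha1_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large downloads do not have to fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def is_known_ioc(sha1: str) -> bool:
    """Case-insensitive lookup against the indicator list."""
    return sha1.lower() in KNOWN_BAD_SHA1


def assess_name(filename: str) -> dict:
    """Flag names that look like a crack/keygen lure or that hide an executable
    behind a decoy extension (e.g. 'screenshot.jpg.exe')."""
    lower = filename.lower()
    root, ext = os.path.splitext(lower)
    _, inner_ext = os.path.splitext(root)
    reasons = []
    if ext in EXEC_EXTENSIONS and any(w in root for w in LURE_WORDS):
        reasons.append("executable with crack/keygen-style name")
    if ext in EXEC_EXTENSIONS and inner_ext in DECOY_EXTENSIONS:
        reasons.append(f"decoy extension {inner_ext} before {ext}")
    return {"suspicious": bool(reasons), "reasons": reasons}


def scan_file(path: str) -> dict:
    """Combine the hash lookup and the name heuristic for one file."""
    digest = sha1_of_file(path)
    verdict = assess_name(os.path.basename(path))
    verdict["sha1"] = digest
    verdict["known_ioc"] = is_known_ioc(digest)
    verdict["suspicious"] = verdict["suspicious"] or verdict["known_ioc"]
    return verdict


def demo() -> dict:
    """Write a constructed, harmless file with the lure name and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "fifa16crack.exe")
        with open(sample, "wb") as fh:
            fh.write(b"constructed placeholder bytes, not the real sample\n")
        return scan_file(sample)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the script prints the verdict for the constructed file: the name heuristic fires, while `known_ioc` stays false because the placeholder bytes do not hash to the reported SHA-1. In practice the indicator set would be loaded from a feed rather than hard-coded, and a hash match should be treated as confirmation of the exact reported sample only, since a single byte change produces a different digest.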