Gaming-Related Malware on the Rise on Mobile, PCs

Popular online games such as Minecraft and The Sims are helping spread malware on both PCs and mobile devices, highlighting the risks that both games and mobile devices now pose, a new study finds.

Gaming is increasingly a way not just for people to entertain themselves, but also to connect with others, which is otherwise difficult to do during the pandemic, notes freemium virtual private network service Atlas VPN.

"We've been watching the amount of malware accelerate within games for the past decade or so," says Jacinta Tobin, vice president of global sales and operations at cybersecurity firm Proofpoint's Cloudmark mobile and email security division. "It's a space that's rife to be exploited."

According to data from Atlas VPN, between July 1, 2020 and June 30, 2021, more than 303,000 PCs were afflicted by gaming-related unwanted software, such as malware, adware and spyware. Mobile games also proved a threat, with as many as 50,000 or so users attempting to download unwanted files hiding under the disguise of the 10 most-played mobile games, such as Minecraft, The Sims 4, PUBG and Grand Theft Auto V.

A plethora of user-developed modifications exist for Minecraft that make gameplay more diverse and may help account for its popularity, but these unofficial mods can hide dangerous payloads or undesirable software, Atlas VPN notes.

In addition, games are often linked with online spaces where attackers can lurk, Tobin notes. These include chat windows where attackers can ask for personal info under the guise of a fellow gamer or post links to mods that are actually unwanted files, as well as YouTube channels sharing game-related videos where attackers can post potentially malicious links.

"Attackers seek ways to get people out of the app to an environment that's not as secure," Tobin says.

“Malware on phones is good at educating users how to enable malware—providing guides on how to disable certain settings, how to enable access to untrusted sources.”
—Jacinta Tobin, Proofpoint

As people rely more and more on mobile devices for everyday communications and transactions, they are increasingly becoming a target for attacks, Cloudmark notes. For example, in September the company discovered new malware dubbed TangleBot targeting Android devices in the United States and Canada that spreads through SMS (short message service) texts. It can access and control many aspects of devices, including the camera, microphone, phone and SMS capabilities, GPS, contacts and call logs, and can place overlay screens on the device covering legitimate programs, such banking apps, to steal the victim's account credentials.

"You can imagine attackers using TangleBot or malware like it for logging your keystrokes or harvesting your biometric data—if your bank has a voice authentication mechanism for verifying your credentials, it can record that, or it can use that information to create deepfakes to emulate your voice," Tobin says. "Or you can imagine TangleBot getting into a CEO's phone, and attackers sending a text is if they were the CEO. 'Dear CFO, I'm driving and can't log in to the system, can you wire money to this account urgently?' We're expecting attacks like this down the road."

When it comes to desktops and laptops, users now often know not to click on suspicious links and download potential malware, "but malware on phones is relatively new, and we're all used to downloading apps to get cool new features," Tobin says. In addition, "malware on phones is good at educating users how to enable malware, providing guides on how to disable certain settings, how to enable access to untrusted sources."

The fact that Google's Android operating system is more open than Apple's iOS means that developers can make software more easily available for "sideloading" through third parties outside the official Google Play app store. "So while the Google and Apple teams are excellent at making sure their official app stores are as safe as possible, it's harder for Google to make sure all Android applications are safe," Tobin says.

Indeed, Apple recently claimed Android devices have between 15 and 47 times more malware infections than iPhone because of sideloading. However, iOS is not immune to attacks, as the spyware known as Pegasus recently showed, Tobin notes.

"It can be lucrative to launch attacks on phones just to get mobile numbers," Tobin says. "If you think about it, mobile phone numbers are now connected to almost every business transaction. We're used to having multiple email addresses, but the mobile number is often the key hub to all your information."

There are now multiple anti-malware products with free or paid versions for iOS and Android, Tobin notes. “Sometimes when a new update comes out for your mobile device, you may be reluctant to download it unless it offers new functionality. But most updates are security updates.” And security updates, she adds, are as a rule well worth downloading and installing.