Security Experts:

90 Percent of Game Hacks Infected with Malware, AVG Warns

A majority of game hacks and software freely available online contain malware, according to new research.

Nearly 90 percent of unauthorized software for popular computer games are infected with malware, AVG Technologies said in its AVG Insight newsletter released today. The list includes unpirated "cracked" games, license key generators (keygens) and thousands of other game hacks such as patches, cheats and trainers readily available online on unregulated torrent or file-sharing sites, AVG said.

AVG's findings were released the same day Kaspersky Lab disclosed details on a series of targeted attacks against online gaming companies.

"While the hacks may appear attractive at first glance, most are created by cybercriminals looking to pry, disrupt or steal," AVG said.

Infected Video Game Hacks and KeygensThese hacks are designed to attract players looking to get something for free or enhance their in-game experience. AVG Viruslab Researchers noted that games range anywhere from $5 to $50, and that is before the players have to shell out for add-ons such as extra powers and resources. Recent industry figures suggest gamers spend an average of $127 on gaming software each year. Other players may be looking for ways to advance in the game because they don't have the enormous amount of time these games often require, the research group added.

AVG’s researchers analyzed such hacks and cracks found through metasearch services such as FilesTube and FileCrop, and discovered malware which could lead steal legitimate, paid-for gaming assets, take over user accounts, or intercept sensitive personal data such as bank details and passwords to email and social networking accounts. AVG searched FileCrop for a Diablo3 hack and found more than 40 hacks. Bigger titles such as World of Warcraft or Minecraft returns hundreds of results, the security firm said.

A randomly downloaded Diablo3 hack turned out to have malicious code which would attempt to decrypt saved passwords stored by the Web browser, AVG researchers found. Any cracked passwords would then be sent back to the attacker via email.

At first glance, the numbers don't seem all that large, as only a small percentage of gamers go looking for a hack. However, considering that the top five games—World of Warcraft, League of Legends, Runescape, World of Tanks, and Minecraft:—boast about 330 million players worldwide (in all, not each game), even a mere 0.1 percent of players would translate to about 330,000 individuals, AVG noted.

Infected users should immediately change passwords across all online services using the same password, contact the game provider to recover the account, AVG said.

"As this rough and ready experiment shows, gamers downloading a hack from a file sharing website should exercise extreme caution, and at least ensure they have the latest security products installed on their computer," AVG Viruslab Research Group recommended. Or better yet, don't download cracks, hacks, trainers or unofficial patches and get patches only from the official game provider’s website.

view counter
Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.