Blog

 

The promise of a free game might seem like a bargain, but it could end up costing you far more than buying it legally.

Pirated PC games have always carried a certain level of risk. Some crash, some don’t work properly, and some arrive bundled with bloatware. There’s also the threat of malware. Recently, security researchers have discovered a major malware campaign that takes this danger to a whole new level. This attack has reportedly infected more than 400,000 devices worldwide.

Instead of simply distributing illegal copies of popular games, cybercriminals are using those downloads as a delivery system for malware. And once activated, it has the capacity to steal passwords, browser data, and cryptocurrency wallets.

The Malware Hidden Behind the Loading Screen

Researchers have found that popular PC games are being cracked and then repackaged for illegal downloads. However, the attackers are also hiding the RenEngine malware within these downloads. Once the game is installed, the malware is activated and quietly gets to work in the background.

At first, everything appears normal, and this is what makes it so dangerous. The game itself is a genuine cracked copy, so the user is probably too busy enjoying it to notice anything. In the background, though, data is being harvested. The campaign has targeted popular gaming franchises – such as FIFA, Need for Speed, and Assassin’s Creed – in order to reach a huge audience. It also makes it easier to smuggle malware onto a PC when it’s under the guise of a known piece of software.

RenEngine is a loader, and it typically installs an infostealer called ARC in this campaign. ARC is designed to steal passwords, cookies, cryptocurrency wallets, clipboard content, and system information. Other malware has also been detected. Async and Backdoor.XWorm are both remote access trojans that give the hackers full access to an infected PC. Meanwhile, Rhadamanthys is another infostealer which has been deployed by RenEngine.

The combined impact of these malware strains means that crypto theft, compromised data, and financial fraud are all real possibilities. Furthermore, any data that is harvested can be sold on the dark web, opening you up to a wider range of attacks.

The scale of the campaign highlights a simple reality: cybercriminals know that many people are willing to take risks to get expensive games for free. They are exploiting that temptation on a massive scale. Reports suggest that hundreds of thousands of computers have already been affected.

Three Simple Ways to Stay Out of Trouble

Cybercriminals know that many people online are willing to take risks to get expensive games for free. It’s unlikely that your team will be downloading and installing the latest version of FIFA at work, but this attack isn’t limited purely to gaming. In fact, any type of software – from Excel through to Adobe – can be downloaded illegally for free. Accordingly, you need to know how to stay safe:

  • Block Torrent Sites: While some torrents contain genuine downloads, they’re also illegal and carry the risk of malware. The simplest way to prevent your organization from falling victim is to block access to all torrent sites.
  • Remove Install Privileges: Your employees shouldn’t need to install software on their PCs themselves. Instead, restrict installation privileges to members of your IT team. This ensures that software is only downloaded from official sources, limiting the risk of malware being installed.

For more ways to secure and optimize your business technology, contact your local IT professionals.