gamers – Kaspersky official blog
https://www.kaspersky.com/blog
The Official Blog from Kaspersky covers information to help protect you against viruses, spyware, hackers, spam & other forms of malware.
Fri, 11 Aug 2023 08:28:11 +0000

Step-by-step recommendations for streamers to guard against doxing, bullying, stalkers and bots | Kaspersky official blog
https://www.kaspersky.com/blog/twitch-streamers-privacy-and-security-howto/48791/
Fri, 11 Aug 2023 08:15:02 +0000

For some, Twitch streaming brings fame and fortune. The platform’s genre diversity has long transcended the boundaries of video games: artists, athletes and even bicycle couriers have all found appreciative audiences. From professional gamers to guitarists, all are united by the desire to connect with fans and earn a crust without falling victim to bullies, pranksters or spammers. Here are the security measures that all Twitch streamers need to take.

How to protect personal information

  1. Set up separate accounts specifically for Twitch that won’t point to the real you in search results, social media or forums.
  2. Your Twitch handle should not be your actual name, or even resemble it. This tip will be a recurring theme throughout this post: there is no need whatsoever for your fans to know your name or where you live. Use profile pics that are completely different from the ones on your social networks – similar photos are easy to find.
  3. Twitch-related accounts (profiles on Discord, social networks, etc.) must be registered under your Twitch handle and not give away your real name. If you already have personal accounts on Twitter, YouTube and the like, do not use them in conjunction with Twitch, but create new ones.
  4. We recommend that active streamers use a separate email and phone number that are linked only to accounts used for streaming (Twitch, Discord, YouTube, etc.).
  5. If you accept snail mail (fan letters/gifts, etc.), set up a PO Box. And do not use the box for any other purpose. In some countries, a PO Box can be set up under any name, in which case use your Twitch handle. If that’s not an option and you need to give out personal information, ask the post office if there’s a way to avoid revealing your real name.
  6. If Twitch becomes a regular source of income, consider setting up a legal entity and registering your domains, mailboxes and other assets under it.
  7. Check out our detailed guide to Twitch security and privacy settings.
  8. Use a strong unique password and two-factor authentication and install a comprehensive security solution for gamers on your computers that does not affect streaming and protects against phishing.

How to moderate Twitch chats

  1. Draw up a list of chat rules and share it with fans. You’ll make life easier for yourself and your moderators. We recommend formulating rules such as: “It is forbidden to post links,” “It is forbidden to disclose names, contact details or other personal information in a chat” – this will protect both you and the chat participants.
  2. If you don’t want fans to ask you about certain aspects of your personal life, you can explicitly set off-limit topics in the rules.
  3. Posting links should be banned not only because of the threat of spam; special URL-shortening services can be used to spy on the IP addresses and other data of those who tap or click on the link.
  4. Review the automatic chat moderation settings, and enable AutoMod if you think it will help you and your moderators. The level of moderation can be customized for sensitive topics. There is also a manually updatable list of bad words that can be filtered by AutoMod. Avoid sweeping bans on terms and topics – false positives annoy chatters.
  5. If there are chat users you know personally (especially offline), ask them separately not to discuss topics that you consider inappropriate. Make sure you are on the same page regarding no-go topics.
  6. If a chat user reveals any personal information about you (name, address or anything else), just delete the message and do not respond in any way. Do not comment on the veracity of the information. And delete personal information that someone has clearly made up – again without responding.

How to hide personal information in Twitch videos

  1. Before you start streaming, make sure there’s nothing in shot that shouldn’t be there. Here are some things that can give away personal information to eagle-eyed viewers:
    • Envelopes, documents, bills, autographed photos, framed certificates.
    • Personalized or souvenir clothing. Besides your own name, the name of a school, university or company on a souvenir T-shirt, for example, could be used to identify you.
    • Personalized backpacks, mugs, plates, etc.
    • Distinctive pieces of furniture and jewelry.
    • Window views, even partial.
    • Underwear or very personal items.
    • Housemates, family members, pets.
  2. Create a signature backdrop (physical or virtual), and use it in all your streams.
  3. We recommend setting a short broadcast delay (from ten seconds to one minute) to give you time to react to potential glitches and incidents. This will make things much harder for stream snipers.
  4. Turn off your smart speakers and other voice-activated gadgets, or move them to another room. There have been cases of voice assistants leaking information during streams.
  5. If you are IRL streaming outside, always turn on your camera a good distance from home, so you don’t reveal the name of your street or a view of where you live. And it’s a bad idea to show buildings that could easily lead to you: school, workplace, nearby bus stops, stores, etc.
  6. If you’re streaming from a public place, be aware that interlopers, including IRL stream snipers, can get in your shot. Be prepared: practice emergency muting and wallpapering, and more importantly, have a plan of action to get rid of the intruder.

How to hide personal information in Twitch screencasts

  1. A lot of streamers show their screens. This is especially true for game streaming, but sometimes you may need to show something in your browser, Discord, or another app. Test all such apps in advance to make sure there is no inappropriate information on the screen.
  2. When streaming, make sure that only the apps you need are running. Anything extraneous should be turned off, closed or moved to another monitor that is not in the stream.
  3. Pay close attention to the contents of the Dock/Taskbar, tray icons (including the clock) and files on the desktop.
  4. Check that pop-ups and notifications are disabled or displayed on a non-streaming monitor.
  5. We recommend showing web content in a private browser used exclusively for this purpose, preferably in incognito mode. Make sure that you are not signed in to any personal accounts not related to streaming, such as email and other services.
  6. Make sure your streaming browser is configured to block ads and tracking. Keep in mind that contextual advertising may reveal your interests and approximate location, so turn it off during streaming. Use Kaspersky Premium settings to minimize ads and privacy risks.
  7. Again, set a slight delay in streaming (from ten seconds to one minute) to give yourself time to calmly deal with unforeseen situations and make the job of stream snipers more difficult.
  8. Prepare animated background images – saying “Starting in a couple of minutes,” “Thank you,” “Be right back,” and so on – to keep your audience engaged while setting up or dealing with technical issues. These are easily added in OBS Studio.
  9. Certain games and game consoles offer special tools to protect the privacy of streamers. Look for features that allow you to hide your alias and avatar, PSN username, region information and pings to game servers.

How to protect personal information in donations and wishlists

  1. If Twitch is a regular source of income for you, consider creating a legal entity to pay your earnings into and help protect your real identity.
  2. Twitch donations are usually made through PayPal. Any user can go to their payment history and view the real names of senders and recipients. To avoid such crude unmasking, use a PayPal business account.
  3. If your country doesn’t allow PayPal or you can’t switch to a PayPal business account, choose a service that accepts bank card donations and doesn’t show the recipient’s real name.
  4. If you receive gifts or snail mail in your PO Box, make sure that all name and address labels, post office stamps and other such information have been removed before showing such items to your viewers. Your PO Box for Twitch must not be used for anything else.
  5. It is becoming common practice to create wishlists on marketplaces like Amazon. Create a separate account for your Twitch wishlist – do not put it under an account that you use for everyday purchases. If possible, register the account under your Twitch handle.

General privacy tips for Twitch streamers

It’s a good idea to start thinking about privacy from day one, without waiting until you become a super-streamer – it’s better to build a safety net right away than try to wipe your data off the internet later. Use our guide to design your own personal threat landscape, as practiced in corporate security.

And for maximum privacy protection, use an all-in-one security solution like Kaspersky Premium:

  1. Protects against viruses and phishing.
  2. Prevents intrusion attempts, including through remote access tools.
  3. Blocks ads.
  4. Removes traces of your activity.
  5. Prevents online collection of personal data.
  6. Detects leaks of personal data containing email addresses and phone numbers.
  7. Provides encrypted storage of data and documents.
  8. Offers premium priority technical support.
  9. Includes a password manager with generation of two-factor authentication codes.

Your Kaspersky Premium subscription covers all your devices. For more information on features and capabilities, please see our separate posts on protection for computers and Android/iOS smartphones.

Malware in the free game Super Mario 3: Mario Forever | Kaspersky official blog
https://www.kaspersky.com/blog/mario-forever-malware-too/48547/
Fri, 30 Jun 2023 11:36:52 +0000

We often talk about the perils of downloading pirated versions of games, since they may harbor malware. But they aren’t the only threat. Nasty surprises can pop up in free-to-play games, too, which is what happened just recently with Super Mario 3: Mario Forever. But first things first…

Malware in free-to-play Super Mario 3: Mario Forever

The Super Mario series (aka Super Mario Bros. or simply Mario) is one of the best-loved gaming universes. In its 38 years of existence there’ve been 24 original games in the main series alone, not to mention dozens of remakes and remasters. Besides that, there are seven spin-off series adding scores of games to the Mario universe. That said, they do all have one thing in common: all of these games — save for the rarest of exceptions — were officially released solely on Nintendo’s own platforms.

So what do you do if you want to play Mario on your computer? You have to download either a PC port or a so-called fangame. Bear in mind, however, that neither option is official or available for download on Nintendo’s own website.

Therefore, the search can often lead down some dark corridors, where enterprising-yet-dodgy types might slip you something malicious instead of a game. Something like this just happened with the free game Super Mario 3: Mario Forever, created by fans. Experts found versions of the game that infected the victim’s computer with several kinds of malware all at once.

What’s inside the infected Mario Forever

The attack chain is as follows: when the Mario Forever distribution kit is launched, the game gets installed on the computer, together with the SupremeBot mining client and a malicious Monero (XMR) miner. The mining client then installs another piece of malware on the computer — the Umbral stealer.

Umbral earns its crust by stealing almost any information of value that it can find on the victim’s machine: browser-stored credentials, cryptowallet keys, as well as session tokens — small files by which a site or online service remembers you so there’s no need to keep logging in (a bit like cookies). Umbral is particularly fond of hunting Discord, Telegram, Roblox and Minecraft tokens. Besides, the stealer can get webcam footage and screenshots from the infected computer. All in all, a particularly nasty piece of malware with wide-ranging functionality.

The result is a Pandora’s box of troubles for victims of the infected Super Mario 3: Mario Forever. First, their computers become sluggish and consume more power than usual due to background mining. Second, they’re at risk of account hijacking due to Umbral stealing their passwords. Third, and worst of all: if any cryptowallet private keys are stored on the computer, this threatens direct financial loss.

Gamer-attacking malware

In general, this problem is quite widespread. Pirated and free games from dubious sources are ideal territory for malicious miners. Gaming computers tend to be high-spec — especially the graphics card, which is what’s needed for mining in the first place.

This means they’re far better suited to mining cryptocurrency behind the user’s back than some boringly slow office machine. Detecting a hidden miner on your own is quite a hard job — one that requires a good antivirus.

Incidentally, the above-mentioned Roblox and Minecraft, for which Umbral likes to steal account session tokens, traditionally top the rankings of games most targeted by cybercriminals: from phishers to malware spreaders. Most recently, we wrote about how the Fractureiser stealer was distributed under the guise of Minecraft mods.

Protect yourself!

Finally, a few tips for gamers on how not to fall victim to cybercriminals:

  • Download games only from official sources. This is the only guaranteed way not to pick up something unpleasant.
  • If you’re looking to save money on games, there are safer methods than downloading pirated copies from shady sites and torrents.
  • Don’t fall for pie-in-the-sky promises. A long-awaited game will not be downloadable before its official release (not legally at least), while a non-existent version for your particular platform won’t materialize through wishful thinking.
  • Be careful when downloading and installing mods, and especially cheats — the latter are best avoided entirely, of course.
  • To guard against stealers, try not to save passwords in your browser. Better to use a reliable password manager.
  • And be sure to have installed on your gaming machine a robust solution with a special gaming mode that keeps you safe during play with no irritating slowdown.
Fractureiser attacks Minecraft players | Kaspersky official blog
https://www.kaspersky.com/blog/curseforge-compromised-fractureiser/48388/
Wed, 07 Jun 2023 13:33:26 +0000

The gaming community is actively discussing news about malware dubbed fractureiser, found in mods for Minecraft. It was downloaded from CurseForge and dev.bukkit.org. Gamers are advised not to download new .jar files from those sites. Anyone who did recently should check their computers with antimalware solutions. The malware affects players of Windows and Linux game versions (looks like users of other OSs are safe).

How malware got into mods

According to the initial hypothesis, unknown cybercriminals compromised mod developers’ accounts on CurseForge.com and dev.bukkit.org. This allowed them to place their malicious code into several mods.

However, Prism Launcher developers suspect that someone may have exploited an unknown vulnerability in the Overwolf platform. They also posted a list of the mods known to be infected with fractureiser.

What is fractureiser malware and what does it do?

Enthusiasts report that after the compromised mod is installed and the game launched, malicious code downloads and executes an additional payload from a remote server. This payload begins to create folders and scripts, and makes changes to the system registry in order to run malware after a reboot.

Independent researchers state that, in the final stage of the attack, the malware tries to spread the infection to all .jar files on the computer (supposedly trying to reach all previously downloaded mods). This malware can also steal cookie files and credentials stored in browsers. Furthermore, it’s capable of switching cryptowallet addresses on the clipboard.

Fractureiser infection signs

A Reddit discussion concluded that the presence of the libWebGL64.jar file may be considered a definite sign of infection. The malware creates this file in the %LOCALAPPDATA%/Microsoft Edge/ or /AppData/Local/Microsoft Edge/ folder. To find this file, open the “Folder options” menu (via “View”, then “Options” in Windows File Explorer) and, under the “View” tab, enable the “Show hidden files, folders, and drives” option and disable the “Hide protected operating system files” setting.
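
The manual check above can also be scripted. The following PowerShell is an added example, not code from the original post or from Kaspersky; it looks only for the file and folder named above, and the default `C:\Users` profile layout and the function name `Find-FractureiserIndicator` are assumptions.

```powershell
# Added example: look for the fractureiser indicator file named in this post.
# The only indicator used is the one the article gives: libWebGL64.jar inside
# a "Microsoft Edge" folder under each user's local application data.

function Find-FractureiserIndicator {
    [CmdletBinding()]
    param(
        # Folder that holds the user profiles (assumption: default Windows layout).
        [string]$ProfilesRoot = (Join-Path $env:SystemDrive 'Users')
    )

    # -Force also lists hidden and system profile folders.
    $userProfiles = Get-ChildItem -LiteralPath $ProfilesRoot -Directory -Force `
        -ErrorAction SilentlyContinue

    foreach ($userProfile in $userProfiles) {
        $candidate = Join-Path $userProfile.FullName `
            'AppData\Local\Microsoft Edge\libWebGL64.jar'

        # -Force is required here as well: the article has you enable hidden and
        # protected system files in Explorer before the file becomes visible.
        $file = Get-Item -LiteralPath $candidate -Force -ErrorAction SilentlyContinue
        if ($null -eq $file) { continue }

        # Collect what an antivirus vendor or responder would ask for.
        $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 `
            -ErrorAction SilentlyContinue

        [pscustomobject]@{
            User       = $userProfile.Name
            Path       = $file.FullName
            Attributes = $file.Attributes
            SizeBytes  = $file.Length
            CreatedUtc = $file.CreationTimeUtc
            SHA256     = $hash.Hash
        }
    }
}

$hits = @(Find-FractureiserIndicator)
if ($hits.Count -eq 0) {
    Write-Output 'libWebGL64.jar not found in any readable user profile.'
} else {
    Write-Output 'Indicator file found. Treat this machine as infected:'
    $hits | Format-List
}
```

Run it from an elevated prompt to cover every profile on the machine; without elevation, other users' folders are skipped silently.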

How to stay safe?

If you play Minecraft and use third-party modifications, then probably the first thing you should do is check your PC with reliable antivirus software. If scanning detects and deletes the malware, it would be a good idea to change all passwords to online resources you accessed from this computer.

Also, we would advise following the news and refraining from installing new mods for Minecraft until the situation is resolved (and we’re talking not only about mods downloaded directly from the aforementioned sites: it would be wise not to install them via third-party software either). Mods, add-ons and plugins for other games that are distributed in the same way don’t seem to be affected by this attack. However, if the delivery channel is indeed compromised, then it’s possible that attackers will find alternative methods of infection and endanger players of other games as well.

As a general rule, game modifications are developed by enthusiasts and hosted on independent platforms. Therefore, game developers are not responsible for their security and do not guarantee the safety of their use. Thus, it’s better to download game mods only to computers with security solutions installed.

How does antivirus affect gaming? | Kaspersky official blog
https://www.kaspersky.com/blog/tests-gamers-antiviruses/47576/
Wed, 22 Mar 2023 11:08:37 +0000

Many gamers believe that running antivirus software causes game slowdown. But this is quite tricky to verify since traditional methods of performance analysis tend to focus on what impact the game itself has on computing resources. Studying the interaction of the game and the antivirus (two unrelated processes) is a much more complicated task.

But that didn’t deter our team, which has come up with a rather interesting method to do it. They took a gaming PC and five resource-intensive games, and examined the impact of three security solutions on the gaming process in a range of usage scenarios.

Research methodology

They chose a fairly modern gaming PC:

  • Intel Core i7-12700K
  • Nvidia RTX 2070
  • Samsung 850 Evo 250GB SSD
  • 2x G Skill Intl F4-3200C14-16GTZKW modules of 16GB each
  • Asus TUF GAMING Z690-PLUS WIFI D4 motherboard

Next, they assembled a “golden image” — a primary copy of the hard drive with a freshly installed Windows 10 system and five games. After each series of tests, they restored the drive state from the golden image so that each run was carried out under the same conditions, on a fresh operating system with no artifacts left behind by previous software installations.

The first series of tests was carried out on a clean system without a security solution; at least — as far as this was possible, since if an external antivirus isn’t installed on Windows 10, the built-in Windows Defender is automatically enabled. Thus, the experiment involved:

  • Windows Defender
  • Kaspersky Internet Security
  • Norton 360 for Gamers

The selected games were:

  • Red Dead Redemption 2 (action-adventure)
  • Far Cry 5 (first-person shooter)
  • Dota 2 (multiplayer online battle arena)
  • Shadow of the Tomb Raider (action-adventure)
  • Counter-Strike: Global Offensive (multiplayer tactical first-person shooter)

These games have built-in benchmarks: preset scenarios that automatically load computer resources to check compatibility with that computer. That is, they show the relative performance of the game on specific hardware in a specific environment.

Built-in benchmarks ensured that the game engine performed the same in each test. Had real gamers taken part in the study, it would have been impossible to get the same impact on the device in each trial.

The tests were carried out in different conditions: simple gameplay, gameplay with video stream recording to disk, and online streaming mode. The researchers measured the frame rate (FPS) to see what impact the security solutions in the default configuration had on the games.

The verdict

It turns out that antivirus software has virtually no effect at all on gameplay. In the words of the researchers, “the tests revealed no impact on the gaming process.” All recorded deviations fell within the measurement error.

What’s more, the tests produced the same results both for our product (aimed at home users in general) and for a special gaming edition solution from our competitors. Here’s the conclusion word-for-word:

Norton 360 for Gamers, Kaspersky Internet Security and Windows Defender performed equally in 4 out of the 5 games tested and showed no FPS drops.

What else can antivirus interfere with?

So, antivirus software doesn’t slow down games, but what about other negative effects? Experienced gamers know that a security solution running in the background can let them down at the critical moment by:

  • Launching a database update. What if, during an online session, the antivirus decides to update its databases, thereby overloading the internet channel? This will cause a slowdown, which can be fatal for online games.
  • Showing notifications about intercepted threats. Your antivirus might suddenly decide to boast about stopping a threat. And, boom, just as you’re about to slay the final boss, a notification pops up.
  • Scanning the hard drive. You’re so engrossed in a game that you don’t notice the time flying. But, thoughtfully scheduled for 7am, a full scan of the hard drive kicks in and ruins everything.

You might reasonably ask: why didn’t our researchers analyze antivirus impact on gameplay in these scenarios too? The answer is simple: Kaspersky products feature a special game mode. Enabled automatically when you start playing, it postpones antivirus database updates, notifications and regular drive scans (including scheduled ones) until after your session ends.

At the same time, it provides uninterrupted (and unnoticeable) protection in the background. Which means:

  • The system is fully protected against any malware attacks — whether by good old ransomware or even fileless malware.
  • Links you click on in a chat room are immediately scanned for scams, phishing, and other online threats.
  • Your personal data is continuously monitored for leaks, including on the dark web.
  • All passwords and keys are securely stored in encrypted form, protecting your accounts and all their contents (whether it’s cryptocurrency or skins) from takeover.
  • A VPN connection hides your IP address, secures data in transit, and improves ping/latency — if you choose the fastest server (VPN not available for downloading or activation in Belarus, China, Saudi Arabia, Iran, Oman, Pakistan, and Qatar).
  • Your home Wi-Fi is safe from intruders.
  • Registry, autoloading and other system parameters are optimized for gaming so you don’t waste a single millisecond.

Moreover, Kaspersky Premium provides access to unique services like Priority Support Line, PC Health Check-Up, and Remote IT Services. It also lets you optimize your PC performance by cleaning up duplicate and large files, managing apps and activities, and much more.

How cybercriminals tailor attacks for different age groups of gamers | Kaspersky official blog
https://www.kaspersky.com/blog/modern-gamers-threats/47363/
Wed, 01 Mar 2023 09:56:39 +0000

These days, a 12 or 13-year-old kid can become a professional eSports player, while the youngest of them began his career at the ripe old age of… four! The gaming world has become much younger, but all gamers — both children and adults — face multiple cyberthreats. And scammers tailor each of their schemes with a particular age audience in mind.

Although children spend less time playing online games than adults, they remain one of the most sought-after targets for cybercriminals: after all, a kid can often easily lead you to their parent’s bank card.

Free cheese still smells nice

One of the most common scams targeting young gamers takes the form of an offer to generate in-game currency for free. That’s because kids today would rather get in-game currency from their parents than pocket money. To be the coolest-of-the-cool in pretty much any online game, you need virtual coins, and lots of them — such as V-bucks in Fortnite or Robux in Roblox. To avoid having to ask their parents to fork out, children are always on the lookout for free coins, which makes them vulnerable to cybercriminals.

Relying on most children’s rudimentary knowledge of cybersecurity, scammers don’t even bother with clever schemes: they literally spell out what data they want from their victims. For instance, on one phishing site that pretends to generate gems — the currency of the popular children’s game Brawl Stars — users are asked to answer just four questions to get as many gems as they please. As well as the desired number of gems and their in-game name, the user also has to hand over the e-mail address linked to the Supercell online game store and, guess what, the password for it! Why the young gamer needs to share this data, the creators of the site never explain.

Now in possession of the victim’s e-mail, the attackers can get a security code to log in to the Supercell account and hijack it by changing the password. So, instead of picking up lots of free gems, the unfortunate player may lose both their mail account and all their accumulated experience and currency in Brawl Stars.

Free cheeeeeese!

Other scams are even more primitive. One site we found invited users to download Valorant cheats that give an advantage over other players, together with a detailed installation guide.

One of the instructions was to disable all antivirus software before installing the file — otherwise the cheat would be flagged as a false positive and not be installed. The executable file is packed in a password-protected WinRAR archive, the contents of which cannot be checked by the antivirus before unpacking, and it must be “Run as administrator” so that the virus gains full access to the victim’s computer. The longer the victim’s antivirus is disabled, the more data the scammers can potentially pump out. It helps if the child has their own computer, but what if it’s a shared home computer full of parental data, including passwords and bank card details?

The winner takes it all. From your PC.

Almost any adult would smell the cheese in the mousetrap, but to kids who know little about cybercriminal tricks, nothing feels off. Statistics show that malware disguised as Minecraft or Roblox was downloaded 3–4 times more often than games for a mature audience. For more examples of child-targeting scams, see our threat report for young gamers.

The more experienced the player, the trickier the scam

To fool hardcore gamers, scammers have to be far more sophisticated. Targeting an adult audience, they create phishing sites that mimic 18+ games, such as GTA Online. But the result is the same: the victim is either scammed out of their data and game account, or asked to take an online “I’m not a robot” test, with the offer of a prize — for example, the latest iPhone or a PlayStation 5. Only, to receive it, a small commission needs to be paid. And as you may have guessed, after paying this the gamer gets no prize and may compromise their bank card instead.

Haven't you seen the "Grand Theft" inscription? You were warned...

Also this year, cybercriminals have learned how to mimic the in-game stores of such popular games as CS:GO, PUBG, and Warface. To get a good skin at a low price, victims had to enter their credentials for Steam, or even for social networks like Twitter or Facebook. As soon as they entered this data, their account fell straight into the hands of the cybercriminals, and all the skins and artifacts there were sold to other gamers.

A farewell to arms

Another common trick is to offer bundles (tens or even hundreds) of licensed games for peanuts. But this meager sum must be paid from your bank card. Or you can get a “Battle pass” for free, but to confirm, say, your age, you need to give the numbers on both the front and back of your credit card. No prizes for guessing that this data will most likely be stolen and then sold on the dark web.

It won't ever be as cheap as this! Oh, wait…

How to protect yourself against such threats?

Whether you’re a rookie or hardcore gamer, the threats you face are the same, and it’s worth knowing how to guard against them:

  • Use strong passwords — a unique one for each account. Then, even if one of your accounts is hijacked, the others will still be yours. Don’t trust your memory? A password manager can help.
  • Protect your accounts further with two-factor authentication.
  • Use virtual bank cards and refill their balance exactly for the purchase amount. By entering the numbers from your bank card, you risk losing all the funds you have there. And remember that a bundle of licensed games selling for a song is a reason to be wary.
  • Install a reliable antivirus solution on your computer — one that works seamlessly with Steam and other gaming platforms.

Kaspersky's antivirus products have a special game mode that automatically activates when you start games. Antivirus database updates, scheduled drive scans, and notifications are suspended in this mode, but protection continues to run in the background. Which means:

  • your system is securely protected from any malware;
  • your personal data is monitored for leaks;
  • your passwords are stored in a secure, encrypted vault;
  • all links you follow are checked for scams and phishing;
  • your IP address is hidden by a VPN, which encrypts transmitted data and, by choosing the right server, improves ping/latency;
  • finally, the operating system settings are optimized so you don’t lose a single millisecond of gaming.
The true cost of gaming | Kaspersky official blog
https://www.kaspersky.com/blog/true-cost-of-gaming/46001/
Wed, 02 Nov 2022 09:39:55 +0000

Once a niche pastime, the gaming industry (approaching its 50th anniversary) is now bigger than both Hollywood and the music industry — combined! To put this into perspective, so far this year more than 7000 titles have been released, eagerly awaited by around three billion gamers worldwide.

You might spend only a couple of hours per week gaming and do it just for fun, but if you’re serious about winning and want to invest time, money and effort, there are some well-established avenues to quickly improving your… game. If you want to learn from others, take a look at some insights we’ve collected while working with more than 10,000 global gamers to get their thoughts on everything from the performance of their computers to the ethics of winning and losing.

Our research revealed pro gamers are like professional sports stars. Key to a winning performance is obviously computer power. And gamers prefer to build their own desktop PCs rather than heading to a big box store.

What impressed us is the attention to detail as everyone carefully specifies hardware for the games they play to improve performance, with 66% purchasing a graphics card, memory, SSD, whole PC, or monitor that specifically meets their needs. Two of the most important hardware considerations are processing power (49%) and bandwidth (40%) as they offer advantages over rivals with slower data connections. Almost three-in-four are also very specific about the right accessories. The priorities go in this order: keyboards (38%), mice (37%), headsets or microphones (37%), and chairs (32%).

For people participating in e-sports tournaments or even friendly competitions, maintaining good mental health is essential to help you react under pressure, so 76% of active gamers work on this aspect too. Obviously, practice is very important, but, surprisingly, only 41% put it as a winning factor.

The vast majority of serious gamers are ready to use every possible method or trick to win — 85% said that they’d use inside knowledge to beat an opponent. The global community agrees on one thing — using dishonest methods to achieve your goal only highlights a lack of skill.

We talked to gamers from Europe to South America and Asia-Pacific, and they all said the same: their biggest beef with game makers is that their accounts have been hacked at some point in the last two years. And while the industry invests millions into graphics and game development, it has a long way to go in terms of user account security: 63% of respondents agree their accounts are not properly protected.

So, how do all these factors rank at the end of the day?

  • Using every trick in the book plus inside knowledge to win (no cheating!): 85%
  • Mental health, perform under pressure: 76%
  • Custom accessories (keyboards, mice, etc.): 75%
  • Custom selected hardware components: 66%
  • Better security: 63%
  • Powerful hardware (CPU, GPU, memory): 49%
  • Much practice: 41%
  • Lots of bandwidth: 40%

We can contribute to a substantial improvement of game security, so here’s some advice for gamers wanting to maintain a high level of performance and security:

  • It’s safer to buy games only from official sites/stores and wait for sales on those sites. Sales happen quite often and it’s a much safer way to save money than buying from illegal stores or downloading pirated software. The probability of account loss and direct financial theft is much higher with pirated software as it’s regularly used by cybercrooks to find new victims.
  • Beware of phishing campaigns that might take the form of fake notification emails from gaming services or direct messages from unfamiliar gamers. Criminals use these tactics to lure you to fake websites and steal your Steam, Discord or other credentials. They might also distribute malware disguised as a game mod or other attractive items. So, triple check the website’s address and avoid unfamiliar sites, and remember that offers that sound too good to be true usually are.
  • Make sure your computer is always protected by cybersecurity software. There is exactly zero need to “disable your antivirus/internet security/firewall” to play. Modern security solutions, like Kaspersky Plus, have a special “gaming mode”, which allows you to play without FPS reduction or any distractions. If any game mod or utility requires you to disable your security, it’s a huge red flag.
RedLine stealer spreads on YouTube disguised as game cheats | Kaspersky official blog https://www.kaspersky.com/blog/redline-stealer-self-propagates-on-youtube/45528/ Thu, 15 Sep 2022 17:03:28 +0000 https://www.kaspersky.com/blog/?p=45528

The video game market, with its 3.2-billion-strong audience worldwide, attracts every kind of business under the sun. All sorts of computer devices specially created for gamers are already par for the course, but it went beyond that a long time ago. These days, there is gaming furniture, gaming drinks, gaming you-name-it. Is it any wonder that cybercriminals do not stand idly by?

Gamers are passionate people, hooked on their hobby, making them vulnerable to well-designed social engineering. Sometimes it’s enough to simply promise an Android version of a game that’s not on Google Play, or the chance to play games for free. Not to mention that in the world of gaming there is piracy, cheats and dark web forums selling hijacked accounts — a vast canvas for attackers to work with.

Open season on gamers has again been declared: cybercriminals are distributing the RedLine Trojan stealer under the guise of game cheats in an attempt to steal accounts, card numbers, cryptowallets and basically anything else within reach.

Watch on YouTube: Trojan disguised as a cheat

The details of Kaspersky’s latest discovery are set out in our Securelist post, but basically it works as follows: Attackers post videos on YouTube allegedly about how to use cheats in popular online games such as Rust, FIFA 22, DayZ and a couple dozen more. The videos look quite convincing and prompt actions that gamers who are no strangers to cheating are well accustomed to, in particular, following a link in the description to download a self-extracting archive and then running it.

If the download fails, the video creators kindly suggest disabling Windows SmartScreen, a filter that protects Microsoft Edge users from phishing and malicious sites. For some reason, however, they unkindly fail to mention that this will result in a whole package of malware being installed on the user’s computer at once.

First, the unlucky cheater will get the RedLine Trojan stealer, which steals almost any kind of valuable information on the computer, starting with browser-saved passwords. In addition, RedLine can execute commands on the computer, as well as download and install other programs onto the infected machine. So if it can’t manage some malicious task by itself, it can call on friends.

Second, RedLine comes with a cryptocurrency miner for deployment on the victim’s computer. Gaming computers are a logical target for cybercriminals in this regard, since they usually have powerful GPUs, which are quite useful for cryptocurrency mining.

The price to pay for using cheats

For real cheats, players can get banned by the game moderators, but a user who has downloaded and installed a fake cheat can face even worse problems.

First, when installed under the guise of a cheat, RedLine attempts to steal everything of value on the computer, in particular:

  • Account passwords
  • Card details
  • Session cookies for logging in to accounts without passwords
  • Cryptowallet keys
  • Messenger chat history

Second, the cryptominer bundled with RedLine adds the following special effects:

  • Computer slowdown
  • GPU wear and tear
  • Higher electricity bills

Plus the user risks paying with their reputation, because RedLine does another interesting thing: it downloads videos from the command-and-control server and posts them on the victim’s YouTube channel. These are the exact same videos about cheats with the exact same description: download and run the self-extracting archive, after which the cycle repeats but with the next victim. Thus, the Trojan spreads of its own accord, acquiring even more unwitting proponents in the process.

Incidentally, RedLine distributors previously employed a rather similar technique, trying to pass off a malware installer as a Windows 11 update or as an installer for Discord, a platform popular with gamers.

How to stay safe

We really should start with the obvious: don’t download cheats. Besides being unethical, it’s simply not safe. Cheats violate the user agreement with the game developer, which means they automatically occupy a gray zone. By extension, they are never distributed through secure official channels. And when downloading something from unofficial and unverified sources, the chances of encountering malware are always far greater.

In addition, we recommend turning on two-factor authentication wherever possible. That way, even if malware manages to sneak onto your computer and steal important passwords, it won’t be able to use them.

Better still, use and never disable protection features, including browser filtering and a proper security solution. In terms of functionality, even real-deal cheats have a lot in common with malware, which means antiviruses often block their installation. For this reason cheat developers encourage victims to disable their antivirus. You must not do this under any circumstances — once you disable protection, there’s no safety net below.

$2 million CS:GO inventory stolen by a hacker | Kaspersky official blog https://www.kaspersky.com/blog/cs-go-two-million-usd-inventory-hack/44697/ Thu, 23 Jun 2022 15:32:55 +0000 https://www.kaspersky.com/blog/?p=44697

What the hack?!

On June 21, a Twitter user who goes by the name of ohnePixel reported that $2,000,000+ worth of CS:GO skins have been stolen from a hacked account. The stolen items include such rarities as seven Souvenir AWP Dragon Lores, a no-star Karambit, Blue Gems and more. It’s worth mentioning that a Souvenir AWP Dragon Lore is the most expensive skin that CS:GO players can own, easily costing tens or even hundreds of thousands of dollars!

The alleged inventory has been private for the last three years. After the hack, the players started noticing the items in the inventory going public, and that’s when they knew something was up! According to the above-mentioned ohnePixel, the e-mail and password of the inventory owner’s Steam account were changed a week ago, but the hack went unnoticed.

Some streams even caught the process live on Twitch! Estimates of how much the stolen inventory could be worth vary from two to over four million dollars.

Skins and cosmetics in CS:GO are among the most expensive items in the world of gaming due to the game’s huge popularity and long legacy. That said, the hacker either didn’t know the actual worth of the stolen items he was selling, or, more likely, preferred to make some quick cash and therefore was selling cheap. Whatever the case, most of the items were sold for a fraction of the market price.

Some of the stolen items seem to have been sold recently for a fraction of the normal asking price

How to protect your CS:GO treasures

We’ve been noticing of late a rise in attacks and hacks on almost every popular online game, and it’s due to a rise in player numbers and investments in virtual items. This is why it’s crucial to follow a proper guide on protecting your Steam account against scammers and trolls.

We’ve seen a lot of gamers falling victim to scams and hacks due to a lack of security measures. Some players would rather not have active AV software while playing an online game — in fear of reducing the performance of their machines. However, industry-leading antivirus solutions have a special gaming mode, which ensures your performance isn’t affected, notifications are muted, and at the same time your PC stays protected. So don’t forget to install a trusted security solution — and don’t disable it while playing.

Dangerous mods in Cities: Skylines | Kaspersky official blog https://www.kaspersky.com/blog/cities-skylines-malicious-mods/44004/ Mon, 28 Mar 2022 15:00:57 +0000 https://www.kaspersky.com/blog/?p=44004

On February 13, 2022, EuroGamer published a post reporting the spread of malicious code among users of the Cities: Skylines game. Two days later, the article was updated: nobody was adversely affected, but one of the game mod creators tried to sneak a backdoor into the official store. We looked into this interesting case of a potentially serious attack on gamers.

About Cities: Skylines in brief

We apologize in advance to fans of the game, but for everyone else, we think it is necessary to provide a brief description — it’s important for the story. Cities: Skylines is a city simulator, and it looks something like this:

Screenshot from Cities: Skylines

Cities: Skylines is a competitor and in some ways a successor to the famous SimCity series from the 1990s and 2000s, whose history (so far) ended with a failed release in 2013. Cities: Skylines was released in 2015, quite a long time ago by the standards of the ever-changing online world, but fans are unlikely to be scared by this.

Instead of releasing a new series, the creators of Cities: Skylines preferred an approach with gradual modification of the original game, releasing official expansion packs about every six months. The 13th release came out just recently. Each of these expansions adds new elements to the virtual world. It may be buildings (you can now build an airport of your own design), natural phenomena, development scenarios (“green” city), and so on.

Unofficial modifications expand the game even more. In fact, any player who seriously enjoys Cities: Skylines, will eventually start experimenting with mods. The game was originally designed to make it easy for users to develop and share modifications. Anybody can upload them to the public Steam Workshop directory.

With or without mods and addons, Cities: Skylines allows you to build your own city. Divide the land between housing, industry, and commerce. Plan roads and fight traffic jams. The game is so good and so realistic that people even used it to plan the transportation system of a real city!

An example of a good mod for Cities: Skylines is Traffic Manager: President Edition. It adds fine-tuning to the game’s basic road construction features: you can fine-tune traffic lights, set lane direction and speed limits, prohibit parking, and so on. Basically, the mod enables you to do things that are essential for traffic improvement, both in real life and in the game.

To summarize, you can play Cities: Skylines without extensions, but few fans do it, because a properly chosen set of mods both seriously improves game play and makes it more convenient. To make a long story short, if you want the full Cities: Skylines experience, use mods.

Vengeance mods

Now let’s go directly to events. On February 10, 2022, the creators of the aforementioned Traffic Manager: President Edition mod published a warning about malicious extensions for the game:

The creators of Traffic Manager: President Edition accuse the author of other mods of distributing malware

The malicious functionality was relatively harmless: the extension randomly changed the speed limits on roads in the game. And not for all users, but only for those who were “lucky” enough to be in the mod creator’s list. This list includes the developers of Traffic Manager, the creators of the game, and other people that the list creator had real or imaginary complaints about.

But that’s not all. In the same post, the creator of the mod known as Chaos or Holy Water intentionally broke compatibility with other mods. As Cities: Skylines has a huge number of modifications, it needs a mechanism that prevents mod-related bugs in the game. The game creators settled for a very simple compatibility check: they expect mod developers to check everything themselves and add incompatible extensions to a special list. Chaos/Holy Water took advantage of this feature and started adding other popular extensions to the incompatibility list of their own mods.

When users asked the creator why the mod was incompatible with other extensions and what to do about it, the creator blamed the poor quality of other developers’ code and offered their own version of the other extension, a slightly modified copy of the original. That is how Chaos tried to popularize their modifications and increase the number of their own add-ons for each user.

If the developer was criticized, Chaos/Holy Water retaliated by adding the Steam platform’s IDs of critics to their personal “enemies list,” which introduced arbitrary bugs in the game’s performance. There was some interesting internal drama among active fan players, but nothing serious enough to call it a real malicious attack. But wait — that’s not all!

Hundred percent backdoor

On February 14, 2022, the developers of Cities: Skylines published their description of the incident. It reports that the author’s extensions have been removed from the Steam Workshop site. The creators of the game insist that there was no malicious code in them, clarifying that “No keyloggers, viruses, cryptocurrency mining software, or similar” was found. But further down in the text, there is a brief mention of the “Update from GitHub” extension by the same author. What did this mod do? It switched the add-on update mechanism from the standard one (via Steam Workshop) to an alternative one, updating mods directly from the creator’s repository on GitHub.

And this is a real backdoor: users who installed this modification along with a couple of other modifications by the same creator could’ve ended up downloading and running arbitrary code at any time. In a situation like this you can only rely on the conscience of the extension creator (although given the “enemies list,” this is clearly a bad idea).

Even if the backdoor creator does not plan to hack users of their mods, access to their GitHub account can be stolen or they can sell their account themselves (as often happens, for example, with browser extensions). Finally, if a mod is already installed, the user will most likely need to remove it manually, but not everyone may get round to that. Fortunately, according to Cities: Skylines developers, only 50 people have been affected this time.
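A mod that updates itself from outside the store changes files that the official channel never delivered, and that can be detected by comparing the mod folder with a baseline taken right after an official update. The following is an added example, not code from the game, the mod or the original post; the folder layout, file names and function names are hypothetical, and the sample mod is constructed in a temporary directory.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large assets are handled."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(mod_dir: Path) -> dict:
    """Map every file under mod_dir (relative path) to its SHA-256."""
    return {
        p.relative_to(mod_dir).as_posix(): hash_file(p)
        for p in sorted(mod_dir.rglob("*"))
        if p.is_file()
    }


def save_baseline(mod_dir: Path, baseline_file: Path) -> None:
    """Record the folder state; run this right after an official update."""
    baseline_file.write_text(json.dumps(snapshot(mod_dir), indent=2))


def drift(mod_dir: Path, baseline_file: Path) -> dict:
    """Report files added, removed or modified since the baseline."""
    baseline = json.loads(baseline_file.read_text())
    current = snapshot(mod_dir)
    shared = set(current) & set(baseline)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(n for n in shared if current[n] != baseline[n]),
    }


def demo() -> dict:
    """Constructed scenario: a mod replaces its own DLL and drops a new one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        mod_dir = root / "mods" / "example_mod"  # hypothetical layout
        mod_dir.mkdir(parents=True)
        (mod_dir / "ExampleMod.dll").write_bytes(b"build delivered by the store")
        (mod_dir / "settings.xml").write_text("<settings/>")

        # The baseline lives outside the mod folder so the mod cannot
        # overwrite it together with its own files.
        baseline_file = root / "example_mod.baseline.json"
        save_baseline(mod_dir, baseline_file)

        # Simulated out-of-band self-update (no store involved).
        (mod_dir / "ExampleMod.dll").write_bytes(b"build fetched from elsewhere")
        (mod_dir / "Helper.dll").write_bytes(b"extra file dropped by the update")
        return drift(mod_dir, baseline_file)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Any entry under "added" or "modified" that does not coincide with an update delivered by the store is a reason to remove the mod and investigate.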

How to protect yourself from dangerous game mods

There are plenty of ways to get a user to download malware under the guise of an “official” program or game. But with custom extensions, things are more complicated: by definition, they are created in a “home-made” manner, and the developer of the game cannot control all the modifications. Therefore, as you expand the capabilities of your favorite game, be vigilant. Try to install mods from official sources, if possible. And if the mod creator advises you “in case of problems, disable your anti-virus,” think twice before doing so.

The incident with the mods for Cities: Skylines ended, thankfully, without too much drama. The malicious developer was banned, and it seems they had no intention of causing serious damage to players. But they created a rather complex mechanism for penetrating users’ computers that exploited peculiarities of the community. And most importantly, they tried to take users outside the control of the official platform for distributing mods.

In a worst-case scenario, such a backdoor could be used to deliver malicious code that, for example, would steal passwords from the game service or mine cryptocurrency on the player’s computer. Tracking the activity of such “shapeshifter programs” is standard functionality of any reliable security solution. On top of that, our Kaspersky Security Cloud also features a special gaming mode that provides protection with a minimal impact on the computer’s performance. So when experimenting with your favorite game, don’t forget about taking precautions.

Dangerous vulnerability discovered in Dark Souls III videogame | Kaspersky official blog https://www.kaspersky.com/blog/dark-souls-dangerous-vulnerability/43436/ Mon, 24 Jan 2022 13:55:12 +0000 https://www.kaspersky.com/blog/?p=43436

The gaming community is discussing a recent vulnerability in the Dark Souls III videogame. This RCE vulnerability allows attackers to remotely execute arbitrary code on a victim’s computer. Apparently, the vulnerability also affects earlier games in the Dark Souls series: because of this the developers have taken the unusual step of temporarily deactivating PvP servers across Dark Souls Remastered, Dark Souls II, and Dark Souls III.

According to the developers, they also plan to turn off servers for Dark Souls: Prepare To Die. Players fear that the same vulnerability could also affect the upcoming Elden Ring game, which is thought to use the same infrastructure. The bug is relevant only for PC users, so Xbox and PlayStation are unaffected.

Why Dark Souls vulnerability is so dangerous

This vulnerability allows an attacker to execute almost any program on the victim’s computer, so they’re able to steal confidential data or execute any program they wish (including installing malware). You can find a demonstration of the exploit in the Twitch stream of the player named The_Grim_Sleeper in which an unknown person launched a PowerShell script on the streamer’s computer that used the Windows Narrator engine to read out critical notes about the gameplay.

What is the chance that Dark Souls vulnerability will be exploited ITW?

The details of the exploit for this vulnerability are not available to the general public, at least not yet. Despite the ethically dubious way of drawing attention to the problem, the person behind the attack apparently was not trying to cause any real harm. Judging by the discussion in the Dark Souls community, the creator of the exploit has been trying to inform the game’s developers about this serious vulnerability for some time, but they had ignored his messages. That’s why he decided to hack a popular streamer right during the streaming session.

However, this information is not 100% reliable; in reality, things may not be so straightforward. For example, the creator of the exploit has already shared information about the vulnerability with the developers of the Blue Sentinel plugin, a mod for Dark Souls designed to counteract cheats. And one can only guess who else could get this information. Also, now that the exploit has been demonstrated, other hackers may try to replicate it and use it to cause real harm to players. There are various possible scenarios here: attackers can use it to steal passwords from game accounts or crypto wallets, install good old ransomware, hidden miners, and much more.

How to stay safe from Dark Souls vulnerability?

Apparently, FromSoftware is currently trying to solve the problem. Let’s hope they can fix the vulnerability quickly. However, in the meantime we recommend using high-quality security solutions for each device. Thanks to a special gaming mode, our antiviruses protect against all kinds of threats, including the exploitation of vulnerabilities, while consuming a minimum of PC resources and without interfering with the gameplay.
