Gushiken Yona
A concerning trend has emerged in the video gaming community with the discovery of malware specifically targeting video game cheaters. Operating as an infostealer, this malicious software, orchestrated by an unidentified threat actor, is aimed at individuals engaged in Pay-to-Cheat practices within video games.
The alarm was first raised when PhantomOverlay, a prominent Call of Duty cheat provider, detected unauthorized purchases made through user accounts. Acting swiftly, the cheat provider alerted suspected victims, subsequently uncovering a growing number of compromised accounts.
The scale of the breach is staggering, with thousands of gaming accounts compromised across various platforms, based on the report of malware market informer @vxunderground. Current estimates suggest that over 3.6 million Battlenet accounts, 561,000 Activision accounts, over 117,000 Elite PVPers accounts, 572,831 UnknownCheats accounts, and 1,365 PhantomOverlay accounts have fallen victim to the infostealer.
Further exacerbating the situation, victims have reported instances of crypto-draining, where their Electrum BTC wallets have been systematically drained of funds. While the exact extent of the financial losses remains unclear, the gaming malware also stole gamers’ personal information.
“It should be noted that some of these accounts are also not cheaters. Some users impacted utilized gaming software for latency improvement, VPNs, and controller-boosting software,” @vxunderground shared, adding, “Well, they’re presumably stealing more than just their Call of Duty-related accounts. Being a cheater does not mean you should have your wallet drained.”
In response to mounting concerns, Activision Blizzard reassured players that its servers remain secure and uncompromised. An official spokesperson emphasized the company’s unwavering commitment to player account security, urging players to take proactive measures such as changing passwords and implementing two-factor authentication.
“There have been claims that some player credentials across the broader industry could be compromised by malware from downloading or using unauthorized software. Activision Blizzard servers remain secure and uncompromised. Our priority is always player account security. If players believe they may have clicked on a suspicious link or if they want to ensure their account is protected, they can change their password and follow recommended best practices here such as adding two-factor authentication,” an Activision Blizzard spokesperson said in a statement issued to CharlieIntel.
Reports suggested that the compromise stemmed from downloading unauthorized software, such as cheats, rather than any breach of the company’s servers. As investigations continue, gamers are advised to exercise caution and remain vigilant against potential threats lurking within the gaming ecosystem.
