Crypto Jacking Threat Lurks in Online Games, Trend Micro Warns

Cybersecurity solutions provider Trend Micro flagged on Monday the vulnerability of online games to illegal cryptocurrency mining in the Philippines, home to one the of world's most active mobile gaming bases.

“Mining cryptocurrencies comes with a price, taking up a significant portion of a computer’s processor capacity and consuming a huge amount of power,” Trend Micro technology marketing director Myla Pilao said in a message to Cryptovest. “Because of the high cost, some cryptocurrency miners resort to ‘crypto jacking’ or the unauthorized insertion of mining scripts in online games, advertisements, and other websites with high traffic,” she added.

Players of League of Legends in the Philippines recently became the target of crypto jacking. On Facebook, the multiplayer online battle arena (MOBA) video game reported an “unauthorized modification” of its client lobby with the insertion of a JavaScript that performs cryptocurrency mining.

Pilao noted:

“The steep ascent in the value of cryptocurrencies has prompted new mining malware and other threats. In the first half of 2018, cryptocurrency miners topped the list of malware detected, based on data from our Trend Micro Smart Protection Network.”

Gamers have become a prime target for cybercriminals, Trend Micro said. In the Philippines, 11.42 million individuals play online video games, according to market and consumer data provider Statista.

“Developers and players make for good targets for cybercriminals, who see online games as a platform for stealing user information, invading privacy, or spreading malicious content and malware,” Pilao said.

Other attacks in online games

Earlier this year, some players of cooperative survival shooting video game Fortnite reported their accounts were being taken over. Fraudulent purchases of the game's different versions, as well as its online currency and cosmetic items for in-game characters, were made using details saved on the compromised game accounts.

Hackers could get into a player's account by merely designing a phishing site or a hacking tool that asks for a player's credentials. They could also get players to download a file that delivers information-stealing or keylogger malware onto the PC system.

Attackers pursue a range of objectives, from stealing in-game items and holding characters hostage for ransom to possessing personal information that could either be sold in underground cyber markets or used to invade the victims' privacy further.

Stolen online gaming currencies, for one, have serious real-world implications, Trend Micro noted. Aside from trading them for profits, hackers launder payments from illicit activities by converting them into untraceable digital currencies and using them to fund other schemes.

“Gamers must be aware of the privacy risks involved, especially when a majority of the popular games these days have either an online component or a pay-as-you-play business model where in-game items and add-ons can be bought with real money,” Pilao added.