AN URGENT warning has gone out to gamers after a alleged scam to rob players of thousands of pounds was uncovered.
Malware has reportedly been uploaded to a popular game on Steam, which could give hackers full access to your personal information.
2
2
A hacker – known as EncryptHub – has eportedly compromised a game on the online platform Steam, which now installs info-stealing malware on devices – when downloaded.
The sinister scammer – also known as Larva-208 – allegedly launched his plot on July 22 when he uploaded the HijackLoader malware (CVKRUTNP.exe) onto the game.
According to Bleeping Computer, this dodgy software was uploaded to the popular game Chemia, originally developed by Aether Forge Studios.
The software establishes “persistence” – meaning it gives a hacker unlimited access – on your device.
Then, it downloads the Vidar infostealer (v9d9.exe) while receiving a command-and-control address from a Telegram channel.
A second piece of malware allegedly added to Chemia harvests your data from web browsers – including your account details, auto-fill information, cookies and cryptocurrency data.
With all of that data and access to your computer, the hacker is then able to rob users of their hard-earned cash.
A report shared with BleepingComputer revealed that the scheme relies on players trusting online platforms, instead of using “traditional deception techniques”.
It is unknown how EncryptHub allegedly managed to upload the files onto the game and Chemia’s developer has not commented on the issue.
The game remains on Steam and it is unclear if the latest version is safe to download.
The Sun has contacted Steam’s operator, Valve, for comment.
EncryptHub was behind a cyberattack campaign last year which affected 600 companies worldwide.
The news comes after the beloved supermarket M&S recovers from a major cyberattack this year.
Marks and Spencer was forced to shut down their online website while it grappled with the crisis, while £700 million was wiped off its stock market value.
Eventually, the retailer was able to return to normal after being unable to make deliveries for some time.
After the attack, the company offered users of its Sparks loyalty scheme the chance to choose between two of M&S’ best selling products.
These included:
- Percy Pigs or a Swiss Truffle Assortment Box
- Bouquet of Flowers or bottle of Prosecco
- A punnet of Grapes or a packet of Outrageously Chocolatey Round Biscuits.
Sharry Cramond, director of loyalty, fashion, home & beauty marketing and masterbrand, said: “Over the last three months, our colleagues have demonstrated real commitment and teamwork. At the same time, our customers have shown us fantastic support and loyalty.
“These extra Sparks rewards are a small gesture to say thank you.”
How to spot a dodgy app
Detecting a malicious app before you hit the ‘Download’ button is easy when you know the signs.
Follow this eight-point checklist when you’re downloading an app you’re unsure about:
- Check the reviews – be wary of both complaints and uniformly positive reviews by fake accounts.
- Look out for grammar mistakes – legitimate app developers won’t have typos or errors in their app descriptions.
- Check the number of downloads – avoid apps with only several thousand downloads, as it could be fake.
- Research the developer – do they have a good reputation? Or, are totally fake?
- Check the release date – a recent release date paired with a high number of downloads is usually bad news.
- Review the permission agreement – this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary.
- Check the update frequency – an app that is updated too frequently is usually indicative of security vulnerabilities.
- Check the icon – look closely, and don’t be deceived by distorted, lower-quality versions the icons from legitimate apps.
All of this information will available in both Apple’s App Store and the Google Play Store.
