Earlier in September, researchers from Russian cybersecurity firm F.A.C.C.T. discovered a campaign where hackers attempted to deliver XMRig to workers at Russian tech companies, retail marketplaces, insurance firms, and financial businesses through malicious email auto-replies.

Suspected Russian-speaking hackers are using malicious versions of popular pirated games to install cryptomining software known as XMRig on their victims' devices, researchers have found. As part of the campaign discovered by Kaspersky, the hackers delivered open-source cryptocurrency mining software XMRig to their victims via popular simulator and open-world games that require minimal disk space. Malicious versions of games such as BeamNG.drive, Garry’s Mod, Dyson Sphere Program, Universe Sandbox and Plutocracy were hosted on torrent sites, which are often used for the illegal sharing of copyrighted content like movies, music, software and games.

The attacks, conducted by a previously unidentified threat actor, mostly affected users in Russia, with additional cases observed in Belarus, Kazakhstan, Germany, and Brazil, according to a new report by Russian cybersecurity firm Kaspersky. Outside of cryptominers like XMRig, pirated games can also be tainted with other malware tied to cybercrime, such as botnets used for distributed denial-of-service (DDoS) attacks and spam campaigns.

After Western companies withdrew from Russia following its invasion of Ukraine in 2022, pirated versions of films and games became even more prevalent. The campaign discovered by Kaspersky was launched on New Year’s Eve, as criminals likely tried to exploit reduced vigilance and increased torrent traffic during the holiday season, researchers said.

This Cyber News was published on therecord.media. Publication date: Thu, 20 Feb 2025 19:05:07 +0000