Cybercriminals caught targeting gamers with sneaky malware

08 Sep 2017

ESET researchers have revealed a new sinister malware that is targeting gamers around the world.

Labelled Joao, the malware is spread via hacked Aeria games that are offered on unofficial websites. The malware is then able to download and install virtually any other malicious code on the victim’s computer.

“To spread their malware, the attackers behind Joao have misused massively-multiplayer online role-playing games (MMORPGs) originally published by Aeria Games,” says ESET malware analyst, Tomáš Gardoñ.

“Our research has shown that several other Aeria games have been misused in the same way in the past; however, their corresponding unofficial websites have either gone inactive or had the malicious downloads removed in the meantime.”

ESET has blocked the website that is serving Joao malware and let Aeria Games know about the infringement.

As for how it works, ESET says the affected games are modified to run Joao’s malicious component, which means that when the game launcher is run, so too is Joao.

“Upon launching, the Joao downloader first sends basic information about the infected computer – device name, OS version and information on user privileges – to the attacker’s server. Because the malware keeps its operations ‘silent’ and since the game works as expected, there’s nothing suspicious about the whole infection process from the user’s point of view,” says Gardoñ.

“Compared to downloading and launching a legitimate Aeria game, the only visible difference is an extra .dll file in the game’s installation folder.”

ESET revealed the Joao components they discovered during their research had backdoor, spying, and DDoS capabilities.

ESET says that if you, or someone you know, download lots of games from different sources and are unsure whether this news applies to you, there is a quick and easy way to see if Joao malware is lurking on your computer.

Simply run a search on your computer for “mskdbe.dll” – if you get a hit, then it’s likely your computer has been infected.

However, if no such file is found then you’re not out of the woods just yet as the cybercriminals can rename the file at any moment.

For that reason, ESET recommends using a cybersecurity solution that can detect the threat and remove it for you.
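
As an added illustration (not ESET's tooling or part of the original article), the Python code below runs the file-name search described above and, because the file can be renamed, also lists any .dll in a game folder that is missing from a known-good file listing. The baseline listing, the folder layout and every name other than mskdbe.dll are constructed assumptions.

```python
import os
import tempfile

KNOWN_JOAO_DLL = "mskdbe.dll"  # file name given in the article


def find_named_dll(root, name=KNOWN_JOAO_DLL):
    """Return paths under root whose file name equals name, ignoring case."""
    hits = []
    # os.walk skips directories it cannot read, so the sweep does not abort.
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files
                 if f.lower() == name.lower()]
    return sorted(hits)


def extra_dlls(install_dir, baseline_names):
    """Return .dll files under install_dir absent from a known-good listing.

    baseline_names is an assumption: file names recorded from a copy of the
    game obtained from the official publisher.
    """
    baseline = {n.lower() for n in baseline_names}
    extras = []
    for dirpath, _dirs, files in os.walk(install_dir):
        for f in files:
            if f.lower().endswith(".dll") and f.lower() not in baseline:
                full = os.path.join(dirpath, f)
                extras.append(os.path.relpath(full, install_dir))
    return sorted(extras)


def demo():
    """Build a constructed install folder and run both checks against it."""
    with tempfile.TemporaryDirectory() as root:
        game = os.path.join(root, "Games", "ExampleGame")  # constructed path
        os.makedirs(game)
        # Constructed, empty files: one carries the known name in upper case,
        # one stands in for a renamed copy that the name search would miss.
        for name in ("launcher.exe", "engine.dll", "MSKDBE.DLL", "renamed.dll"):
            open(os.path.join(game, name), "wb").close()
        named = [os.path.basename(p) for p in find_named_dll(root)]
        extras = extra_dlls(game, baseline_names=["engine.dll"])
        return named, extras


if __name__ == "__main__":
    print(demo())
```

An extra .dll is only a lead to investigate, since legitimate patches and add-ons also add files.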
