Kaspersky: Cyberattacks on young gamers surge by 30%

The number of unique users targeted by cybercriminals using popular children’s games as a lure has surged by 30% in the first six months of 2024 compared to the latter half of 2023, according to experts from Kaspersky.

Researchers analysed gaming risks for young players and discovered that more than 132,000 users had been targeted by cybercriminals over this period. This data is detailed in the latest Kaspersky report on cybercrimes targeting young gamers.

Kaspersky’s analysis indicates that over 6.6 million attempted attacks, where cybercriminals used the brands of children’s games as a lure, were detected between July 1, 2023, and June 30, 2024. The majority of these attacks were associated with popular games such as Minecraft, Roblox, and Among Us. According to Kaspersky’s statistics, more than 3 million of these attempted attacks were under the guise of Minecraft, largely due to the game's popularity and the widespread use of cheats and mods, which are often distributed on third-party websites, making them an ideal vehicle for malware.

Kaspersky experts attribute the higher success rates detected in 2024 to trends observed in the general cyberthreat landscape. The increase in attacks is partly due to cybercriminals launching more sophisticated schemes that exploit current trends, as opposed to using generic attacks. Furthermore, the use of artificial intelligence to automate and personalise phishing attacks has made these fraudulent schemes more convincing and difficult to detect for young gamers. Additionally, new advanced phishing kits—pre-made templates of phishing pages—are consistently appearing on the dark web, allowing a growing number of attackers to deploy highly effective phishing sites that mimic popular gaming platforms.

One prevalent scam involves offering new skins for characters in games like Valorant. Some skins are highly desirable due to their rarity. Kaspersky found an example of a scam using the name of the well-known YouTuber Mr. Beast. By leveraging the trust associated with this public figure, the scam prompts children to enter their gaming account login and password to receive a skin, thereby exposing their credentials to theft.

Another frequent scam involves the promise of in-game currency. An example examined by Kaspersky involved Pokémon GO. Users are asked to input their gaming account username and then complete a survey to prove that they are not bots. Upon completing the survey, users are redirected to a fake website that usually promises free prizes or giveaways. This redirection often leads to more dangerous scams involving fake downloads, prize claims, or other deceptive tactics, rather than directly stealing personal data.

Vasily M. Kolesnikov, a security expert at Kaspersky, commented on the situation: “Throughout our research, we see attacks on children becoming a common vector of cybercriminal activities. That’s why cyber hygiene education and the use of trusted cybersecurity solutions are a ‘must-have’ in building children’s safety in the online environment. By fostering their critical thinking, responsible online behaviour, and a strong understanding of the risks, we can create a safer and more positive online experience for this generation of digital natives.”

To keep children safe online, Kaspersky has recommended several guidelines. These include open communication between parents and children about potential online risks, helping children choose unique passwords and changing them periodically, setting and reviewing ground rules for online activities, and fostering an understanding of cybersecurity. Parents are encouraged to use dedicated digital parenting apps like Kaspersky Safe Kids to safeguard their children’s digital experience. Additionally, it is advised that parents install trusted security solutions on their children’s devices to protect against the downloading of malicious files during gaming.