Stopping at nothing, cybercriminals target games like Minecraft, Roblox, Apex Legend or Fortnite, to scam young players, great fans of these popular titles, who are easy prey.
Cybercriminals stop at nothing to line their pockets, including preying on the poor. Young players – and their parents with them – unfortunately bear the brunt of this every year, in particular through games of the type free-to-play with microtransactions – in short, the title is free but players can buy items, equipment and costumes (skins) with real money. An economic model that makes the youngest their real target in the game, the game being easy to access while being likely to make them give in to the call of the bank card – and not necessarily theirs… In other words that it’s a whole range of possibilities to exploit inexperienced users and unfamiliar with computers that are open to hackers!
In a report published on 1er March 2023, Kaspersky computer security researchers have looked into the hacking campaigns carried out in this type of video game. In the year 2022, their cybersecurity software detected over 7 million attacks in titles categorized as “popular with very young people” – between 3 and 16 years old – which corresponds to an increase of 57% compared to 2021. Among the most targeted games, we find in first position Minecraft, which alone accounts for 55.9% of detected transactions, followed by Roblox (15.4%), Among Us (10.9%), Poppy Playtime (4.4%), Brawl Stars (3.8%), Toca Life World (3.2%), Fortnite (3%) and Valorant (2.8%). Only for Roblox, Minecraft, Fortnite And Apex Legends, more than 878,000 phishing pages were detected in 2022. Hackers are not stupid, they know very well that children and teenagers have fun on computers, tablets or smartphones that are also used by parents. And it is the latter’s bank cards that they are targeting…
Minecraft, Apex Legend, Fortnite: insert phishing pages and malware
Cybercriminals capitalize on the naivety and computer illiteracy of children and teenagers in the hope of gaining access to their parents’ banking data. And for this, they have developed several techniques. The first is to offer packs or virtual in-game currency for free – like V-bucks in Fortnite or the Robux in Roblox –, which allows microtransactions to be carried out within the title and is generally purchased with “real” money. To do this, hackers create phishing sites identical to the interfaces of many popular game stores, propelled on social networks and referenced among the first results of Google. Another variant is to improve the characteristics of his character for a fee – which is quite attractive for online games.
In the gaming community, there are many who use cheat software (cheats) and mods – modification by a third party of a video game. Hackers have therefore also set up phishing pages there to be able to download them, with the gift of malware and other unwanted applications. Thus, Kaspersky teams report that nearly 40,000 young gamers – 14% more than in 2021 – tried to download malware posing as Roblox, which is all the more worrying since half of the users of this popular free-to-play are players under 13 years old. “The majority of victims of these attacks are therefore potentially children who lack knowledge of cybersecurity.“, explains the cybersecurity company. Worse still, the scammers offer manuals to “explain” to the victims how to install the cheat or the mod… remembering to ask them to deactivate their antivirus in order to be able to install the file. Malware, including the Trojan-SMS and Trojan Spy Trojans, can then sneak in with impunity! disgusting again, among the games whose users were the most attacked in 2022, we find the titles Poppy Playtime (11,164 attacks) and Toca Life World (8,155 attacks), aimed at children aged 3 to 8. Also, it is absolutely imperative to monitor the video game activities of your teenagers and children, and to make them aware of the dangers of digital technology (see our article).
