ESET discovers new threat targeting gamers

ESET, a global leader in cybersecurity, has discovered a new threat targeting gamers worldwide with backdoor, spying, and DDoS capabilities.

Spread via Aeria games published on unofficial websites the sneaky malware named Joao, is modular malware capable of downloading and running other malicious code on the victim’s computer.

To spread their malware, the attackers behind Joao have misused massively-multiplayer online role-playing games (MMORPGs) originally published by Aeria Games.

Research by ESET has shown that several other Aeria games have been misused in the same way in the past, however, their corresponding unofficial websites have either gone inactive or had the malicious downloads removed in the meantime.

The affected games have been modified to run Joao’s main component – a malicious library with downloading capabilities mskdbe.dll, detected by ESET’s systems as Win32/Joao.A. When users run the game launcher, Joao is launched along with it.

Upon launching, the Joao downloader first sends basic information about the infected computer – device name, OS version and information on user privileges – to the attacker’s server.

 

Figure 1: Infected version of Grand Fantasia as distributed via gf.ignitgames[.]to.

Figure 2: Joao downloader in the game’s installation folder

Because the malware keeps its operations “silent” and the game works as expected, there’s nothing suspicious about the whole infection process from the user’s point of view. Compared to downloading and launching a legitimate Aeria game, the only visible difference is an extra .dll file in the game’s installation folder.

After the communication with the server has been established, server-side logic decides whether and which components will be sent to the victim’s computer.The compnents discovered by eset showed backdoor, spying, and DDoS capabilities.

To clean the malware, one can use a reliable security solution to detect and remove the threat. You can also use ESET’s Free Online Scanner.

To avoid infections gamers are advised to Favor official sources whenever possible and to keep all games updated to avoid vulnerabilities that can be exploited by malicious actors.
In addition they should also use a reliable security solution while playing since many security solutions today have a gamer mode option that lets you enjoy your games without interruptions while also keeping your computer protected.

Picture of BT Correspondent
BT Correspondent
editor [at] businesstoday.co.ke

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

Aquila East Africa, a leading Kenyan integrated communications firm has expanded into Rwanda and Uganda, signifying the growing potential of homegrown businesses
The 16th edition of the CIO100 Awards 2004 will bring together Africa's most influential IT leaders to discuss the latest trends and

Social Health Authority (SHA) acting CEO Elijah Wachira has been sent on compulsory leave for 90 days. According to the suspension letter

The Teachers Service Commission (TSC) has announced 5,690 job vacancies for senior teachers, open and available for immediate hiring, with applications closing