
ESET discovers new threat targeting gamers


ESET, a global leader in cybersecurity, has discovered a new threat targeting gamers worldwide with backdoor, spying, and DDoS capabilities.

Spread via Aeria games published on unofficial websites, the sneaky malware, named Joao, is modular and capable of downloading and running other malicious code on the victim’s computer.

To spread their malware, the attackers behind Joao have misused massively-multiplayer online role-playing games (MMORPGs) originally published by Aeria Games.

Research by ESET has shown that several other Aeria games have been misused in the same way in the past; however, their corresponding unofficial websites have since either gone inactive or had the malicious downloads removed.

The affected games have been modified to run Joao’s main component, a malicious library with downloading capabilities named mskdbe.dll, which ESET’s systems detect as Win32/Joao.A. When users run the game launcher, Joao is launched along with it.

Upon launching, the Joao downloader first sends basic information about the infected computer – device name, OS version and information on user privileges – to the attacker’s server.

 

Figure 1: Infected version of Grand Fantasia as distributed via gf.ignitgames[.]to.

Figure 2: Joao downloader in the game’s installation folder

Because the malware keeps its operations “silent” and the game works as expected, there’s nothing suspicious about the whole infection process from the user’s point of view. Compared to downloading and launching a legitimate Aeria game, the only visible difference is an extra .dll file in the game’s installation folder.
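The extra file described above can be checked for directly. The following is an added example, not ESET's tooling or code from the original article: it walks a folder tree, matches the file name mskdbe.dll case-insensitively, and records each hit's SHA-256 and the executables beside it. The function names and the sample folder layout are constructed for illustration.

```python
import hashlib
import os
import tempfile

INDICATOR_NAME = "mskdbe.dll"  # downloader file name given in the article

def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large files are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def find_joao_downloader(root):
    """Return one record per file under root named mskdbe.dll (any case)."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != INDICATOR_NAME:
                continue
            path = os.path.join(folder, name)
            try:
                digest = sha256_of(path)
            except OSError:
                digest = None  # locked or unreadable: still report the path
            # Executables beside the DLL show which game install is affected
            exes = sorted(f for f in files if f.lower().endswith(".exe"))
            hits.append({"path": path, "sha256": digest, "executables": exes})
    return hits

def build_sample_tree(base):
    """Constructed sample layout (placeholder bytes, not real game files)."""
    layout = {
        "GameA/Launcher.exe": b"constructed launcher",
        "GameA/MSKDBE.DLL": b"constructed placeholder bytes",
        "GameB/Launcher.exe": b"constructed launcher",
    }
    for rel, data in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_joao_downloader(tmp):
            print(hit["path"], hit["sha256"], hit["executables"])
```

A name match only flags the folder for a scan with a security product; the article gives no file hash to compare the result against.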

After communication with the server has been established, server-side logic decides whether and which components will be sent to the victim’s computer. The components discovered by ESET showed backdoor, spying, and DDoS capabilities.

To clean the malware, one can use a reliable security solution to detect and remove the threat. You can also use ESET’s Free Online Scanner.

To avoid infection, gamers are advised to favor official sources whenever possible and to keep all games updated to avoid vulnerabilities that can be exploited by malicious actors.
In addition, they should use a reliable security solution while playing, since many security solutions today have a gamer mode option that lets you enjoy your games without interruptions while also keeping your computer protected.

Written by BT Correspondent

editor [at] businesstoday.co.ke
