Gaming-related cyberthreats in 2020 and 2021

[harlan4096]

Part 1 of gaming-related cyberthreat report

The video game industry is soaring, not in the least thanks to the lockdowns, which forced people to look for new ways to entertain themselves and socialize. Even with things going back to normal, gaming is expected to have a very bright future. Newzoo estimates the industry to gross 175.8 billion USD in 2021, which is slightly less than the total revenue in 2020 but still significantly above the pre-pandemic figures.

This rapid growth owes a lot to the surge in mobile gaming and focus on social interaction during the pandemic. With 2.7 billion gamers worldwide, virtual worlds offer not just an opportunity to unwind, but to connect with people from every part of the globe. Additionally, the number of gamers will continue to rise.

Mobile games especially draw ever more users. Analysts predict that mobile gaming will account for $90.7 billion to $120 billion of the revenue in 2021, which is more than half of the estimated gaming industry value. Last year’s lockdowns gave a boost to the mobile market, with users downloading thirty percent more mobile games per week in Q1 2021 than in Q4 2019 globally, reaching over one billion weekly downloads. Global consumer spending on mobile games reached $44.7 billion in the first half of 2021.

With the growth of the gaming industry being this rapid, we as cybersecurity researchers ask ourselves what this means for user security. Earlier in 2021, we looked at the dynamics of gaming-related web attacks over the course of the pandemic, identifying an increase in that sector. But with so many platforms offering to play threats are not limited to web.

To get a better grasp of the threat landscape that gamers are faced with, we decided to take a closer look at gaming-related cyberthreats. In this report, we cover PC and mobile threats as well as various phishing schemes that capitalize on popular games.

Methodology

To measure the level of the cybersecurity risk associated with gaming, we investigated several types of threats. We examined malware and unwanted software disguised as popular PC and mobile games. We also looked in greater detail at some of the strains of malware being distributed and the dangers they pose for users. Additionally, we checked our database for gaming-related spam campaigns and phishing schemes that are used in the wild.

This report contains threat statistics obtained from Kaspersky Security Network, which processes anonymized cybersecurity data voluntarily provided by users of Kaspersky products. These statistics indicate how often and how many users of our products have encountered gaming-related cyberthreats during the reporting period.

Most of the statistics presented in the report were collected between July 1, 2020 and June 30, 2021. Pandemic-related statistics cover the period of January 2020 through June 2021.

As a result, we discovered the following:

• The total number of users who encountered gaming-related malware and unwanted software from July 1, 2020 through June 30, 2021 was 303,827, with 69,244 files distributed under the guise of twenty-four most-played PC games;
  
• Quarterly dynamics showed that the number of users affected by PC-specific gaming-related cyberthreats rose at the beginning of the pandemic but then dropped in Q1-Q2 2021 compared to Q1-Q2 2020 as the lockdowns forced more users to search for free games. Meanwhile, mobile games show a different trend, with the number of users affected growing by 185% at the beginning of the pandemic and declining by just 10% by Q2 2021, meaning that mobile threats were still actively employed by cybercriminals.
  
• The top five PC games used as bait in the attacks targeting the largest number of users are Minecraft, The Sims 4, PUBG, Fortnite and Grand Theft Auto V.
  
• We uncovered a massive, coordinated campaign that distributed Swarez Dropper via numerous warez sites that were SEO-optimized. With its payload gathering secrets from browsers, crypto wallets and other applications, this malware affected users in forty-five countries.
  
• The top three mobile games most often used as bait were Minecraft, PUBG Mobile and Among Us.
  
• A total of 50,644 users attempted to download 10,488 unique files disguised as the ten most-played mobile games, generating a total of 332,570 detections in July 2020 through June 2021.
  
• Most threats uncovered on PC and mobile devices were unwanted applications, but dangerous malware was also present: from stealers to bankers, often leading to the loss of not just credentials but money, including cryptocurrency.
  
• Gaming-themed phishing schemes are highly versatile and with more gaming events taking place, cybercriminals are expanding scenarios in which they attempt to extract user data.
  

...

Continue Reading