Woburn, MA – August 23, 2021 – Today Kaspersky announced that it has detected and prevented 5.8 million attacks by malware and other unwanted software disguised as popular PC games during Q3 2020 through Q2 2021. Researchers said the high volume of attacks over the past year may be connected to the rapid growth of gaming activities during the pandemic. The data came from Kaspersky’s latest game-related cyberthreats report, in which researchers assessed the changes to gaming-related threats during the pandemic.

The gaming industry witnessed unprecedented growth over the past 18 months, in part thanks to users being forced to seek additional entertainment as they stayed at home. Game sales soared and the industry is predicted to grow even further, reaching a potential peak of $175.5 billion by the end of 2021. With this in mind, Kaspersky researchers carried out a review of various game-related threats that its users faced throughout the pandemic, from attacks on PC and mobile to phishing schemes.

To get a clear picture of the trends, Kaspersky analyzed the attacks with malware and unwanted software disguised as the 24 most popular PC games and the top 10 mobile titles of 2021. The results showed that PC game-related cyberthreats soared with the introduction of lockdowns in Q2 2020, hitting 2.48 million detections worldwide – a 66% increase compared to Q1 2020, when 1.48 million attacks were detected. Interestingly, the number of attacks and affected users declined sharply in Q2 2021, to just 636,904 attacks.

In the United States, there were 2.4 infection attempts per 1,000 desktop users, placing it 51^st among the most-targeted countries. The top countries were Russia, at 16.9 and Kazakhstan, at 15.5.

Mobile games showed a slightly different trend, with the number of users affected globally growing by 185% at the beginning of the pandemic, from 1,138 users in February 2020 to 3,253 users in March 2020. Furthermore, there was just a 10% drop in users attacked per month in Q2 2021 versus Q2 2020. This showed that mobile threats remained attractive to cybercriminals even as lockdowns were being lifted across the world.

Minecraft topped the charts for both PC and mobile categories as the game most often used to disguise the distribution of unwanted software and malware. Such overwhelming popularity of Minecraft may be explained by the fact that there are multiple versions and a myriad of mods (additional modifications that can be installed on top of the game to diversify it and the gaming experience). Usually, the mods are created by users and are unofficial, providing a convenient disguise for malicious payloads or unwanted software. Throughout July 2020 to June 2021, 36,336 files disguised as Minecraft were distributed. They affected 184,887 PC users and resulted in 3,010,891 attempted infections, which is nearly half of the detected files and attacks during this period.

Top five PC game titles most often used as a disguise for the distribution of malware and unwanted software globally, Q3 2020 to Q2 2021

While the majority of files distributed under the guise of gaming titles were downloaders – programs capable of downloading other software to infected devices and adware – occasionally, both PC and mobile users faced much more serious threats, including Trojan-Stealers designed to steal data about cryptocurrency and other valuable data, as well as Trojan bankers and even backdoors.

On the left: this phishing page offers to download PUBG mobile, but all the user gets is unwanted software. On the right: a fake PUBG app is, in fact, a Trojan gathering user data

“We have witnessed a clear effect of the pandemic on the number of gaming-related threats,” said Anton V. Ivanov, security researcher at Kaspersky. “As more people switched to gaming, more users faced threats that were disguised as games. One popular method of threat distribution is phishing pages – there have been a myriad of them targeting users of different gaming platforms, many of which are very hard to tell apart from real sites for regular users. Another attack vector is warez sites – in particular, we have traced a well-coordinated campaign that distributed a dangerous dropper via such sites, affecting users in 45 countries.

“With development of in-game goodies and currencies, the gaming industry is becoming even more lucrative and appealing to cybercriminals. Perhaps the worst risks associated with game-related threats is the loss of account credentials, be it login details to a gaming account or, even worse, banking or cryptocurrency applications.

“All in all, sticking to official stores and staying vigilant when looking at game-related content is crucial for a safe experience.”

Learn more about the findings of the Game-related cyberthreats: Part 1 report on Securelist.

To stay safe while gaming, Kaspersky experts recommend:

• Using strong passwords and a unique one for every account. You can do that with the help of Kaspersky Password Manager to make using secure passwords easier. Using unique passwords means that even if one of your accounts gets stolen, it won’t compromise the rest. It’s safer to avoid using the same password for online games that you use for other services.
• Only downloading your apps from official stores like the Apple App Store, Google Play, or Amazon Appstore. Apps from these markets are not 100% secure, but at least they get checked by shop representatives, and there is some filtration system – not every app can get into these stores.
• Trying to avoid buying the first thing that pops up. Even during Steam’s summer sale, try to at least read some reviews before buying a little-known title. If something is fishy, people will probably figure it out, and this will come out in user comments.
• Not clicking on any links to external sites from the game chat, and carefully check the address of any resource that requests you enter your username and password; the page may be fake.
• Avoiding downloads of pirated software and other illegal content. Even if you are redirected to the webpage from a legitimate website.
• Using a strong, reliable security solution that won’t slow down your computer while you play. It will also protect you from all possible cyberthreats. We recommend Kaspersky Total Security – it works smoothly with Steam and other gaming services.
• Using a robust security solution to protect you from malicious software, such as the Kaspersky Internet Security for Android.