Online gaming is among the fastest growing digital entertainment in the Internet. The fact that online gaming has millions of active players has brought it within sight of cybercriminals.
Recently, Kaspersky Lab, a leading developer of secure content and threat management solutions, has uncovered a massive cyberespionage campaign against certain online gaming companies. The report said that one of these affected companies has operations in the Philippines.
Kaspersky Lab reported that a cybercriminal group calling itself “Winnti” has been actively attacking online video gaming companies since 2009, stealing digital certificates signed by legitimate software vendors and also source code of online game projects.
The Winnti team is targeting gaming companies located in various parts of the world but has a stronger focus on Southeast Asia. Among the countries that have been affected are the Philippines, India, Indonesia, China, Taiwan, Thailand, South Korea, Japan, Belarus, Germany, Russia, Brazil, Peru, and the United States.
It was first detected in 2011, when a malicious Trojan was detected on a large number of end-user computers across the globe and was accidentally installed in the PC of some online gamers.
“Winnti’ was originally thought that the online game publisher from where the piece of malicious software was installed was spying on their gamers. The authors, it seemed, were actually targeting the server of the online gaming provider.
Kaspersky Lab analyzed the suspicious program upon the request of the targeted online gaming publisher. Upon analysis, the Trojan is a DLL library that could function as a Remote Administration Tool (RAT) that could control the victims’ computers without being detected.
The malicious module actually had a valid digital signature that turned out to come from another online gaming company that was issued by Verisign.
The digital signature was later revoked upon report of its abuse by the cybercrime group.
Kaspersky Lab later followed a trail of compromised digital signatures from legitimate online gaming companies used by the Winnti group, most of which were from South Korea.
These signatures were distributed for use to other hacking groups. Kaspersky Lab listed a number of the companies whose digital certificates were stolen, which include Korean firms ESTsoft Corp. Kog Co., MGAME Corp., Sesisoft, Wemade, and Neowiz. Chinese firms Guangzhou YuanLuo and Fantasy Technology Corp., and Japanese game publishers YNK Japan and Rosso Index KK were also targeted.
LivePlex Corp, a South Korean online gaming publisher has operations in the Philippines.
Apart from industrial cyberespionage, Kaspersky Lab experts also found out other illegal money-making schemes are being used by the Winnti group using their malware campaign. These include:
· Manipulate the accumulation of in-game currency, such as “runes” or “gold” that’s used by players and convert the accumulated virtual money into real money;
· Use the stolen source code from online game servers to search for vulnerabilities inside games to augment and accelerate the manipulation of in-game currency and its accumulation without suspicion;
· Use the stolen source code from servers of popular online games in order to deploy their own pirated servers.
Jimmy Fong, Channel Sales Director for Kasperky Lab in Southeast Asia, said “We encouraging online gamers to exercise caution when using PCs for their online gaming activities. While most gamers use their own devices to play, there are still who use Internet cafes for playing.”
“It is recommended that gamers check if the PCs they are using have the proper security applications installed and updated,” he added.
Fong advised gamers must also be extra careful when using their PCs to conduct online transactions by using legitimate software and having the latest updates to ensure that cybercriminals do not easily infiltrate their PCs for their illicit activities.