Unveiling Digital Hazards – Threats Confronting Young Gamers

Case Study – 1


Synopsis: In June 2023, the Minecraft community faced a significant security breach when accounts on popular modding sites, including CurseForge and Dev.Bukkit.org, were compromised.

Malicious software, notably “Fractureiser,” infiltrated systems through widely used mods and plugins, causing widespread concern.

The alarming aspect was the detection of Fractureiser within mod packs, which are thematic collections of mods bundled for easy installation. Given the popularity of mod packs among Minecraft enthusiasts, the malware quickly gained traction and infected numerous systems.


Fractureiser exhibited destructive capabilities, including:


  • Propagation to all jar files on the system, spreading to initially uninfected mods and other Java programs on the machine.
  • Injection of attacker-chosen cryptocurrency addresses into the clipboard.
  • Theft of cookies and user credentials from web browsers.
  • Exfiltration of credentials for Discord, Microsoft and Minecraft.


In response to the breach, the modding website CurseForge promptly released a statement. It announced that accounts linked to the malware had been banned and that a comprehensive analysis of all newly uploaded files and projects had been initiated to ensure the community’s safety.
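A defender-side check tied to the first Fractureiser capability listed above (jar files across the system being rewritten): this is an added example, not code from the original article or from CurseForge or any other project mentioned. It records a SHA-256 baseline of every .jar under a mods directory and later reports jars that changed, appeared or disappeared; the directory layout and the jar contents in the demo are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large jars do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot_jars(root: Path) -> dict:
    """Map every .jar below root (POSIX-style relative path) to its SHA-256 hash."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*.jar") if p.is_file()}


def compare_to_baseline(root: Path, baseline: dict) -> dict:
    """Diff the current jar set against a previously recorded baseline.

    A malware strain that rewrites every jar it can reach shows up here as a
    burst of 'modified' entries; a dropped payload shows up as 'added'.
    """
    current = snapshot_jars(root)
    return {
        "modified": sorted(k for k in current if k in baseline and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: two clean jars are baselined, then one is altered and one appears."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        mods = root / "mods"
        mods.mkdir()
        (mods / "a.jar").write_bytes(b"PK\x03\x04 constructed clean mod A")
        (mods / "b.jar").write_bytes(b"PK\x03\x04 constructed clean mod B")
        baseline = snapshot_jars(root)          # taken while the install is known-good
        (mods / "a.jar").write_bytes(b"PK\x03\x04 constructed clean mod A + extra bytes")
        (mods / "c.jar").write_bytes(b"PK\x03\x04 constructed unexpected jar")
        return compare_to_baseline(root, baseline)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline dictionary would be written to disk (for example as JSON) right after a clean install and the comparison re-run after every mod or mod pack update.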


Case Study – 2


Synopsis: In a disconcerting revelation, the mobile horror game “Scary Granny Zombye Mod: The horror game 2019”, with a substantial 50,000 downloads, was identified as a malicious application that stealthily pilfered gamers’ Google and Facebook credentials and surreptitiously exfiltrated their data upon account login. Masquerading as an innocuous game, the app adeptly evaded detection for an extended period.


The social engineering the threat actors used to make this work was as follows:


  • The embedded malware activated its modules precisely 48 hours after installation.
  • It targeted older Android versions and requested permission to auto-start after a smartphone restart.
  • It used full-screen phishing overlays presenting users with a fabricated Google login page, albeit with a misspelled “Sign in” option.
  • Following successful acquisition of Google credentials, the app escalated the intrusion to collect recovery emails, phone numbers, verification codes, birth dates, cookies and login tokens.
  • Examination of the app’s network traffic revealed a sophisticated mechanism: the app logged into the user’s account through an embedded browser and transmitted the harvested data to the threat actors.

The app has since been taken down by Google following reports of its malicious activity.




Author

Joshua Anthony

MarCom Strategist Josh brings a dynamic blend of creativity and analytical prowess honed through hands-on experience, including launching a personal Shopify store as a hobby while he was still at university. He finds joy in delving into market research and analysis, crafting strategies that resonate in the ever-evolving landscape of cybersecurity marketing. Josh is also an avid gamer and a custom computer build enthusiast.