In the ever-evolving landscape of gaming, players often seek enhancements through third-party cheats and mods, unaware that these seemingly harmless tools can open the door to sophisticated cyber threats. Recent research from Dr.Web has unveiled a concerning malware family known as Trojan.Scavenger, which specifically targets Windows users by masquerading as performance boosters or game enhancements.
This malware exploits vulnerabilities in popular games such as Grand Theft Auto 5 and Oblivion Remastered. It typically arrives in the form of modified dynamic libraries, often disguised with extensions like .ASI to mimic legitimate plugin formats. When users install these files, they inadvertently place the malicious library in the same directory as the game. If the game fails to properly validate its libraries, the trojan can load automatically upon startup, leveraging flaws in library search priorities to hijack execution within the host application.
Once activated, Trojan.Scavenger establishes a connection with a command-and-control server using encrypted communication, employing techniques to evade detection by antivirus software. The initial payload is just the beginning; in more intricate infections, the malware deploys additional trojans that infiltrate Chromium-based browsers such as Chrome, Edge, Opera, and Yandex. These trojans disrupt browser sandboxing, disable extension verification, and replace legitimate extensions with malicious versions.
Among the applications at risk are popular crypto wallets like MetaMask and Phantom, as well as password managers such as Bitwarden and LastPass. The modified extensions are designed to capture sensitive information, including mnemonic phrases, private keys, and stored passwords, which are then sent directly to the attackers’ servers. Notably, Exodus, another widely used crypto wallet, is also targeted through similar tactics, with the malware extracting sensitive JSON entries that include crucial passphrases and seed data needed for generating private keys.
How to stay safe
To protect oneself from these threats, gamers should exercise caution when engaging with unofficial content. Here are some essential guidelines:
- Avoid downloading mods or cheats from dubious forums or unverified sources, particularly those shared on torrent sites or poorly moderated social media platforms.
- Keep antivirus software updated regularly to ensure it can effectively combat evolving threats. While Android antivirus tools offer protection for mobile devices, desktop systems require more robust solutions.
- Practice good social media management by limiting interactions with communities that are known for disseminating cracked software or questionable patches, thereby reducing exposure to malicious content.
- Check file paths, verify digital signatures when available, and restrict administrative privileges on everyday accounts to complicate the execution of malware.
