Skip to main content
  1. Home
  2. Computing
  3. News

Hackers are leveraging pirated games to spread malware

Add as a preferred source on Google

Pirated or cracked versions of games have long been a hotbed for malware distribution, and cybercriminals are now using CAPTCHA challenges to make their attacks even more effective.

According to a recent report by McAfee Labs, attackers are leveraging CAPTCHA to trick users into thinking that malicious websites or downloads are legitimate. Security researchers first detected the use of CAPTCHAs in malware delivery schemes last month.

Recommended Videos

Since then, this technique has rapidly gained traction, with reports indicating a growing number of users encountering it worldwide. McAfee’s data suggests that this method of attack is becoming increasingly prevalent, putting more individuals at risk across different regions.

This method is common in pirated games, where users may already expect to jump through extra hoops, like bypassing verification systems. When users search for cracked versions of popular games, they often end up on shady websites. These sites commonly use CAPTCHAs to appear more credible, creating the illusion that the files or content being offered are secure. After solving the CAPTCHA, users are redirected to download a file that is typically riddled with malware, in this case, Lumma Stealer.

Infection chain of the Lumma Stealer malware.
McAfee

Lumma Stealer is a sophisticated information-stealing malware that surfaced in 2022. It targets sensitive data like login credentials, browser cookies, saved passwords, and information from file transfer protocol (FTP) clients and cryptocurrency wallets.

The malware stealthily collects this data from infected systems and transmits it to remote servers controlled by attackers. Its ability to steal from major web browsers, including Chrome, Firefox, and Edge, as well as its capacity to compromise cryptocurrency wallets, makes it a potent threat, particularly to users holding digital assets.

Google search links to pirated or cracked version of Black Myth Wukong.
It is highly recommended to avoid such websites that offer pirated games or software. McAfee

The malware spreads through phishing campaigns, malicious downloads, and compromised websites, often hidden within pirated software or gaming mods. Lumma Stealer employs various evasion tactics, such as encrypting communications with its command-and-control server and using obfuscation techniques to avoid detection by antivirus programs. Its ability to bypass security measures and harvest valuable information makes it a dangerous tool for cybercriminals.

A false sense of security

The CAPTCHA provides an extra layer of camouflage, as it helps malicious websites and downloads bypass automated scanners used by security solutions. CAPTCHA requires human intervention, thus fooling security systems into thinking the site is legitimate.

Pirated games are attractive to cybercriminals for several reasons. First, users looking for free or cracked software are more likely to take risks, bypassing warnings and even turning off antivirus protections to install the software. Secondly, pirated games often require “patches” or “keygens” that are commonly disguised as malware.

The use of CAPTCHA tricks users into believing that the download or website they are interacting with is more secure. Since CAPTCHAs are typically seen as security measures, many users don’t think twice about solving them. After solving the CAPTCHA, they unknowingly download infected files, leaving their systems exposed to attacks.

How to stay protected

To avoid malware attacks, it’s crucial to steer clear of pirated content. Downloading cracked games or software greatly increases the risk of malware infection. Instead, always use legitimate platforms for downloading games and software, as these sources are verified and safer. Keeping your security software, such as antivirus and anti-malware tools, up to date is essential for detecting and preventing new threats. Additionally, if your antivirus tool flags an installation, don’t ignore it; there’s likely a valid reason behind the warning.

As cybercriminals evolve their tactics, staying informed about new malware strategies is vital. CAPTCHAs, originally designed to confirm human users, are now being exploited by attackers as a method to distribute malware, particularly in the realm of pirated gaming. Understanding these risks and taking preventive steps can significantly reduce the likelihood of falling victim to such attacks.

Kunal Khullar
Kunal Khullar is a computing writer at Digital Trends who contributes to various topics, including CPUs, GPUs, monitors, and…
ChatGPT’s new search tool saves you from digging through old chats, files, and images
You can also filter ChatGPT search results by content type.
chatgpt-new-search

If you have ever lost a great ChatGPT answer somewhere in your endless chat history, that headache is finally over. OpenAI has rolled out a major search upgrade that lets you find old chats, projects, documents, and images all from one place.

Before this update, the sidebar search only pulled up past conversations, leaving uploaded files, projects, and generated images completely out of reach. The new search option is now available across web, iOS, and Android, on every ChatGPT plan, including free accounts.

Read more
You can now link your favorite apps to AI Mode in Google Search to get things done
AI Mode now works with Instacart, Canva, and YouTube Music inside Search.
google-search-ai-mode-connect-apps

Google is making AI Mode in Search more useful by letting you connect third-party apps. Starting this week in the US, you can securely connect some of your go-to apps directly to AI Mode, letting Search actually complete tasks for you instead of just answering questions.

This update builds on a similar trick Google already pulled off inside the Gemini app, and now it is landing in Search itself. The initial rollout includes three launch partners, Instacart, Canva, and YouTube Music, with Google saying more app integrations are on the way.

Read more
You can now edit videos in Google Vids by simply describing the changes
Gemini Omni powers Google Vids’ new editing tools, and personal avatars are joining too
Google Vids gets Gemini Omni

Google is bringing Gemini Omni and personal avatars to Google Vids, expanding the app’s AI-powered video creation tools for paid users. Gemini Omni can now generate and edit clips through natural language, while personal avatars let users appear in videos without recording themselves on camera.

Vids already offered Veo-powered video generation, AI presenters, screen recording, and tools for turning Slides presentations into narrated videos. Omni expands that setup into a more complete editing workflow, where users can keep refining a clip through conversation instead of rebuilding it after every change.

Read more