Skip to main content

Hackers are leveraging pirated games to spread malware

Pirated or cracked versions of games have long been a hotbed for malware distribution, and cybercriminals are now using CAPTCHA challenges to make their attacks even more effective.

According to a recent report by McAfee Labs, attackers are leveraging CAPTCHA to trick users into thinking that malicious websites or downloads are legitimate. Security researchers first detected the use of CAPTCHAs in malware delivery schemes last month.

Recommended Videos

Since then, this technique has rapidly gained traction, with reports indicating a growing number of users encountering it worldwide. McAfee’s data suggests that this method of attack is becoming increasingly prevalent, putting more individuals at risk across different regions.

This method is common in pirated games, where users may already expect to jump through extra hoops, like bypassing verification systems. When users search for cracked versions of popular games, they often end up on shady websites. These sites commonly use CAPTCHAs to appear more credible, creating the illusion that the files or content being offered are secure. After solving the CAPTCHA, users are redirected to download a file that is typically riddled with malware, in this case, Lumma Stealer.

Infection chain of the Lumma Stealer malware.
McAfee

Lumma Stealer is a sophisticated information-stealing malware that surfaced in 2022. It targets sensitive data like login credentials, browser cookies, saved passwords, and information from file transfer protocol (FTP) clients and cryptocurrency wallets.

The malware stealthily collects this data from infected systems and transmits it to remote servers controlled by attackers. Its ability to steal from major web browsers, including Chrome, Firefox, and Edge, as well as its capacity to compromise cryptocurrency wallets, makes it a potent threat, particularly to users holding digital assets.

Google search links to pirated or cracked version of Black Myth Wukong.
It is highly recommended to avoid such websites that offer pirated games or software. McAfee

The malware spreads through phishing campaigns, malicious downloads, and compromised websites, often hidden within pirated software or gaming mods. Lumma Stealer employs various evasion tactics, such as encrypting communications with its command-and-control server and using obfuscation techniques to avoid detection by antivirus programs. Its ability to bypass security measures and harvest valuable information makes it a dangerous tool for cybercriminals.

A false sense of security

The CAPTCHA provides an extra layer of camouflage, as it helps malicious websites and downloads bypass automated scanners used by security solutions. CAPTCHA requires human intervention, thus fooling security systems into thinking the site is legitimate.

Pirated games are attractive to cybercriminals for several reasons. First, users looking for free or cracked software are more likely to take risks, bypassing warnings and even turning off antivirus protections to install the software. Secondly, pirated games often require “patches” or “keygens” that are commonly disguised as malware.

The use of CAPTCHA tricks users into believing that the download or website they are interacting with is more secure. Since CAPTCHAs are typically seen as security measures, many users don’t think twice about solving them. After solving the CAPTCHA, they unknowingly download infected files, leaving their systems exposed to attacks.

How to stay protected

To avoid malware attacks, it’s crucial to steer clear of pirated content. Downloading cracked games or software greatly increases the risk of malware infection. Instead, always use legitimate platforms for downloading games and software, as these sources are verified and safer. Keeping your security software, such as antivirus and anti-malware tools, up to date is essential for detecting and preventing new threats. Additionally, if your antivirus tool flags an installation, don’t ignore it; there’s likely a valid reason behind the warning.

As cybercriminals evolve their tactics, staying informed about new malware strategies is vital. CAPTCHAs, originally designed to confirm human users, are now being exploited by attackers as a method to distribute malware, particularly in the realm of pirated gaming. Understanding these risks and taking preventive steps can significantly reduce the likelihood of falling victim to such attacks.

Kunal Khullar
Kunal is a Computing writer contributing content around PC hardware, laptops, monitors, and more for Digital Trends. Having…
Spilled water on your laptop? Here’s how to fix it

Spilled water on your new laptop? Time to act fast. Move your laptop away from the water, then turn it off immediately and unplug it. If you have a removable battery, remove it too.

OK, are you back with us? Here's a more in-depth guide on what to do if you spill water on your laptop, or worse yet, drop your laptop into water.

Read more
How to use a laptop with a secondary monitor
Dell UltraSharp 43 4K USB-C Hub monitor showing display and laptop.

Whether you have an average laptop or one of the best laptops around, one of the best ways to improve the experience is to use an external monitor.

That's not something you can take with you easily, but a bigger screen can make you more productive, make your games more immersive, and give you greater multi-tasking capabilities. Here's how to use a monitor with your laptop to give you a much bigger screen for work and play.

Read more
How to clean a laptop keyboard without damaging the keys
how to clean a laptop keyboard

After a few months of use, oils, dust, drink drips, and food crumbs can build up in even the keyboards of our best laptops. No one is immune to this, not even tech experts like us. But there are ways to get your laptop clean again.

We’ve laid out the best ways to clean your laptop keyboard, whether you’re simply trying to disinfect or you need a deep clean. But there are a few critical steps to take before you start scrubbing. 
Prep work

Read more