The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: game hacking

Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store

Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store
February 26, 2022Ravie Lakshmanan
A new malware capable of controlling social media accounts is being distributed through Microsoft's official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbed the malware "Electron Bot," in reference to a command-and-control (C2) domain used in recent campaigns. The identity of the attackers is not known, but evidence suggests that they could be based out of Bulgaria. "Electron Bot is a modular SEO poisoning malware, which is used for social media promotion and click fraud," Check Point's Moshe Marelus  said  in a report published this week. "It is mainly distributed via the Microsoft store platform and dropped from dozens of infected applications, mostly games, which are constantly uploaded by the attackers." The first sign of malicious activity commenced as an ad clicker campaign that was discovered in O

New BloodyStealer Trojan Steals Gamers' Epic Games and Steam Accounts

 New BloodyStealer Trojan Steals Gamers' Epic Games and Steam Accounts
September 28, 2021Ravie Lakshmanan
A new advanced trojan sold on Russian-speaking underground forums comes with capabilities to steal users' accounts on popular online video game distribution services, including Steam, Epic Games Store, and EA Origin, underscoring a growing threat to the lucrative gaming market. Cybersecurity firm Kaspersky, which coined the malware " BloodyStealer ," said it first detected the malicious tool in March 2021 as being advertised for sale at an attractive price of 700 RUB (less than $10) for one month or $40 for a lifetime subscription. Attacks using Bloody Stealer have been uncovered so far in Europe, Latin America, and the Asia-Pacific region. "BloodyStealer is a Trojan-stealer capable of gathering and exfiltrating various types of data, for cookies, passwords, forms, banking cards from browsers, screenshots, log-in memory, and sessions from various applications," the company  said . The information harvested from gaming apps, such as Bethesda, Epic Games, GOG,

HP OMEN Gaming Hub Flaw Affects Millions of Windows Computers

HP OMEN Gaming Hub Flaw Affects Millions of Windows Computers
September 14, 2021Ravie Lakshmanan
Cybersecurity researchers on Tuesday disclosed details about a high-severity flaw in the HP OMEN driver software that impacts millions of gaming computers worldwide, leaving them open to an array of attacks. Tracked as  CVE-2021-3437  (CVSS score: 7.8), the vulnerabilities could allow threat actors to escalate privileges to kernel mode without requiring administrator permissions, allowing them to disable security products, overwrite system components, and even corrupt the operating system. Cybersecurity firm SentinelOne, which discovered and reported the shortcoming to HP on February 17, said it found no evidence of in-the-wild exploitation. The computer hardware company has since released a security update to its customers to address these vulnerabilities. The issues themselves are rooted in a component called  OMEN Command Center  that comes pre-installed on HP OMEN-branded laptops and desktops and can also be downloaded from the Microsoft Store. The software, in addition to mon

Valve's Steam Server Bugs Could've Let Hackers Hijack Online Games

Valve's Steam Server Bugs Could've Let Hackers Hijack Online Games
December 10, 2020Ravie Lakshmanan
Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected third-party game servers. "An attacker could remotely crash an opponent's game client to force a win or even perform a 'nuclear rage quit' and crash the Valve game server to end the game completely," Check Point Research's Eyal Itkin noted in an analysis published today. "Potentially even more damaging, attackers could remotely take over third-party developer game servers to execute arbitrary code." Valve is a popular US-based video game developer and publisher behind the game software distribution platform Steam and several titles such as Half-Life, Counter-Strike, Portal, Day of Defeat, Team Fortress, Left 4 Dead, and Dota. The four flaws (CVE-2020-6016 through CVE-2020-6019) were uncovered in Valve's Game Networking Sockets ( GNS ) or Steam Sockets libr

Exclusive — Hacker Steals Over 218 Million Zynga 'Words with Friends' Gamers Data

Exclusive — Hacker Steals Over 218 Million Zynga 'Words with Friends' Gamers Data
September 29, 2019Swati Khandelwal
A Pakistani hacker who previously made headlines earlier this year for selling almost a billion user records stolen from nearly 45 popular online services has now claimed to have hacked the popular mobile social game company Zynga Inc . With a current market capitalization of over $5 billion, Zynga is one of the world's most successful social game developers with a collection of hit online games—including FarmVille, Words With Friends, Zynga Poker, Mafia Wars, and Café World—with over a billion players worldwide. Going by the online alias Gnosticplayers, the serial hacker told The Hacker News that this time, he managed to breach " Words With Friends ," a popular Zynga-developed word puzzle game, and unauthorisedly access a massive database of more than 218 million users. According to the hacker, the data breach affected all Android and iOS game players who installed and signed up for the 'Words With Friends' game on and before 2nd September this year.

Account Takeover Vulnerability Found in Popular EA Games Origin Platform

Account Takeover Vulnerability Found in Popular EA Games Origin Platform
June 26, 2019Mohit Kumar
A popular gaming platform used by hundreds of millions of people worldwide has been found vulnerable to multiple security flaws that could have allowed remote hackers to takeover players' accounts and steal sensitive data. The vulnerabilities in question reside in the "Origin" digital distribution platform developed by Electronic Arts (EA)—the world's second-largest gaming company with over 300 million users—that allows users to purchase and play some of the most popular video games including Battlefield, Apex Legends, Madden NFL, and FIFA. The Origin platform also manages users EA Games account authentication and allows them to find friends, join games, and manage their profiles. Discovered by researchers at Check Point and CyberInt, the vulnerabilities when chained together could have allowed attackers to hijack gamer's EA account just by convincing them into opening an official webpage from the EA Games website. To perform this attack, as shown in th

Zero-Day Flaws in Counter-Strike 1.6 Let Malicious Servers Hack Gamers' PCs

Zero-Day Flaws in Counter-Strike 1.6 Let Malicious Servers Hack Gamers' PCs
March 14, 2019Mohit Kumar
If you are a Counter-Strike gamer, then beware, because 39% of all existing Counter-Strike 1.6 game servers available online are malicious that have been set-up to remotely hack gamers' computers. A team of cybersecurity researchers at Dr. Web has disclosed that an attacker has been using malicious gaming servers to silently compromise computers of Counter-Strike gamers worldwide by exploiting zero-day vulnerabilities in the game client. According to the researchers, Counter-Strike 1.6, a popular game that's almost two decades old, contains unpatched multiple remote code execution (RCE) vulnerabilities in its client software that let attackers execute arbitrary code on the gamer's computer as soon as they connect to a malicious server, without requiring any further interaction from the gamers. It turned out that a Russian gaming server developer, nicknamed 'Belonard,' has been exploiting these vulnerabilities in the wild to promote his business and create a

Town of Salem Data Breach Exposes 7.6 Million Gamers' Accounts

Town of Salem Data Breach Exposes 7.6 Million Gamers' Accounts
January 05, 2019Mohit Kumar
A massive data breach at the popular online role-playing game 'Town of Salem' has reportedly impacted more than 7.6 million players, the game owner BlankMediaGames (BMG) confirmed Wednesday on its online forum. With the user base of more than 8 million players, Town of Salem is a browser-based game that enables gamers (which range from 7 to 15 users) to play a version of the famous secret role game Town, Mafia, or Neutrals. The data breach was first discovered and disclosed on December 28 when a copy of the compromised Town of Salem database was anonymously sent to DeHashed, a hacked database search engine. Over 7.6 Million Users Accounts Compromised The database included evidence of the server compromise and access to the complete gamer database which contained 7,633,234 unique email addresses (most-represented of the email providers being Gmail, Hotmail, and Yahoo.com). After analyzing the complete database, DeHashed disclosed that the compromised data contained

Hackers threaten to take down Xbox Live and PSN on Christmas Day

Hackers threaten to take down Xbox Live and PSN on Christmas Day
December 24, 2016Mohit Kumar
Bad news for gamers! It's once again the time when most of you will get new PlayStations and XBoxes that continue to be among the most popular gifts for Christmas, but possibilities are you'll not be able to log into the online gaming console, just like what happens on every Christmas holidays. On 2014 Christmas holidays, the notorious hacker group Lizard Squad knocked the PlayStation Network and Xbox Live offline for many gamers by launching massive DDoS attacks against the gaming networks. This time a new hacking group, who managed to take down Tumblr this week for almost two hours, has warned gamers of launching another large-scale distributed denial-of-service (DDoS) attack against XBox Live and PlayStation networks. Calling itself R.I.U. Star Patrol , the hacking group, posted a video on YouTube , announcing that they're planning to take down Sony's PSN and Microsoft's Xbox Live on Christmas Day by launching coordinated DDoS attacks. "We do it because w

Epic Games Forum Hacked, Once Again — Over 800,000 Gamers' Data Stolen

Epic Games Forum Hacked, Once Again — Over 800,000 Gamers' Data Stolen
August 23, 2016Swati Khandelwal
If you are a fan of Unreal Tournament from Epic Games or ever have participated in discussions on the online forums run by Epic Games, you possibly need to change your forum password as soon as possible. It seems the Unreal Engine and its creators, Epic Games' forums have recently been compromised by an unknown hacker or a group of hackers, who have stolen more than 800,000 forum accounts with over half a Million from the Unreal Engine's forums alone. The hackers get their hands on the forum accounts by exploiting a known vulnerability resided in an outdated version of the vBulletin forum software, which allowed them to get access to the full database. Epic believes registration information that includes usernames, scrambled passwords, email addresses, dates of birth, IP addresses, and date of joining, may have been obtained in the attack. "We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered in

PlayStation 4 Hacked to Run Linux

PlayStation 4 Hacked to Run Linux
January 01, 2016Swati Khandelwal
Hackers enjoy much playing with PlayStation and Xbox, rather than playing on them. And this time, they have done some crazy things with Sony's PlayStation gaming console. It appears that a console-hacking that goes by the name of Fail0verflow have managed to hack PlayStation 4 (PS4) to run a Linux kernel-based operating system. Fail0verflow announced this week that they successfully cracked the PlayStation 4 and managed to install a full version of Linux on the system, turning the PlayStation 4 into a real PC . With this latest PS4 hack, the console-hacking group gave the homebrew software community hope that Sony's popular game console will soon become a valuable tool in their arsenal. Group Managed to Run Game Boy Advance and Pokémon on PS4 What's even more interesting? The hacking group didn't stop with Linux. The group also managed to install an emulator for the Game Boy Advance and a version of Pokémon , dubbing it the "PlayStat

Hackers Plan to Ruin Christmas Eve for Millions of PlayStation and Xbox Live Gamers

Hackers Plan to Ruin Christmas Eve for Millions of PlayStation and Xbox Live Gamers
December 16, 2015Wang Wei
Remember the notorious hacker group Lizard Squad that spoiled last Christmas holidays of many game lovers by knocking the PlayStation Network and Xbox Live offline with apparent Distributed Denial of Service (DDoS) attacks? But, Will you be able to Play Xbox and PlayStation Game this Christmas? Probably Not. Because a new hacking group is threatening to carry out similar attacks by taking down the Xbox LIVE and PlayStation Network for a week during Christmas. Be Ready this Christmas for Attacks on PSN and XBox LIVE In a series of tweets, a bunch of DDoS hackers calling themselves " Phantom Group " (@PhantomSquad) announced that they will disrupt the XBox Live and PlayStation networks in a coordinated DoS attack. The attacks could prevent millions of gamers worldwide from enjoying their newly opened Christmas gifts and accessing games online. Also Read: PlayStation 4 Jailbreak Confirms . Here are the tweets by Phantom Squad: We are goi

4th Member of 'Xbox Underground' Group Pleads Guilty to $100 Million Theft

4th Member of 'Xbox Underground' Group Pleads Guilty to $100 Million Theft
April 03, 2015Mohit Kumar
The Fourth and final member of an international hacking group called " Xbox Underground " (XU) has pled guilty to steal more than $100 Million in intellectual property and data from Microsoft, Epic Games, and Valve Corporation. In addition, the group also stole an Apache helicopter simulator developed by Zombie Studios (''Zombie") for the U.S. Army and gained access to the U.S. Army's computer network. Austin Alcala , a 19-year-old of McCordsville, Indiana, along with two other Americans and a Canadian, has found guilty to charges of computer hacking conspiracies and criminal copyright infringement involving theft of information related to then-unreleased Xbox One gaming console and Xbox Live games. All the other members of the hacking group have been pleaded guilty before. Two members, Sanadodeh Nesheiwat , 28, and David Pokora , 22, pleaded guilty last September, while a third member, Nathan Leroux , 20, pleaded guilty to the same conspira
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.