Official releases of the popular online games League of Legends (LoL) and Path of Exile (PoE) were found laced with the notorious PlugX, a remote access Trojan (RAT) that can spy and help steal information from affected systems.
These findings are based on information provided by Hacks in Taiwan (HITCON) security conference researchers who dubbed the incident “Operation GG.” For parents and guardians, the term GG means “good game” in gamerspeak. It can either be spoken as a polite comment for an enjoyable game or a sarcastic one that denotes that the opponent needs to upgrade their skills.
Gamers who downloaded the legitimate Taiwanese versions of installers or updates of the popular game titles were likely to have also downloaded two other files: the software that overwrites the compromised launcher and the dropper that installs the PlugX malware.
Cybercriminals have long been using popular games as social engineering lures, often by creating fake sites with malware links and optimizing them with popular keywords so gamers can find them. This time, the cybercriminals were able to modify the installer itself so that it installs the malware. This is a marked difference from what they usually do to get into users’ systems.
There is also a notable history as to the use of PlugX, which can be easily acquired in the underground cybercriminal market along with other malware families. Threat actors, or those responsible for targeted attacks, have dropped the PlugX malware before in an attack against Taiwanese agencies using a Microsoft Word zero-day vulnerability. However, this recent incident reminds that even ordinary users can also fall victim to the PlugX malware.
What is PlugX malware and why should gamers be wary?
This malware is commonly used in targeted attacks, which are well-planned cyber attacks that can remain undetected for years under the target’s radar. PlugX variants have also been documented to exploit an Adobe Flash player exploit, stealthily target legitimate apps, and undergo other malicious routines that affect Internet users.
[From the Threat Encyclopedia: Everything you need to know about PlugX]
Trend Micro researchers analyzed the issue further and found that the compromised versions were traced to a consumer Internet platform provider in Asia, who had since coordinated with HITCON and Trend Micro to provide a PlugX clean-up tool for possible victims of the malware.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.