Even with more ways to play games, from new consoles to in-browser options and mobile games, demand for PC games persists. So does a gamer’s desire to play them for free – often by finding and downloading cracked versions of games. However, such shortcuts often come at a cost, with users installing dangerous malware instead of the desired game. Sometimes, cybercriminal groups go as far as setting up a network of websites, which are meant entirely for distribution of such malware – as was the case in the latest campaign discovered by Kaspersky.
In April 2021, Kaspersky researchers observed a massive, well-coordinated campaign, which distributed a dropper – a program that secretly executes a malicious program – dubbed Swarez. The dropper was delivered through dozens of fake warez websites – platforms that specialise in free distributed copyrighted materials, which are considered to violate copyright law. These websites distributed malware under the guise of cracks for different software, including anti-malware, photo or video editing software, and fifteen popular computer games. Users in 45 countries across the world were attacked by such files disguised as games.
After a chain of redirects from the warez website, the users downloaded a ZIP archive with password protected ZIP file and a text document with the key to unpack it. The installation process looked complicated enough for users to be tricked into thinking they were installing the game they were looking for. In reality, the users downloaded the Swarez dropper, which, in turn, decrypted and executed a Taurus Trojan-Stealer, a paid stealer, which has many functions and is flexible and configurable. The malware is capable of stealing cookies, saved passwords, autofill data from browsers, and data related to crypto wallets. It gathers information about the system, .txt files from the user’s desktop and can even take screenshots.
One of the most concerning aspects of the campaign was how easy it was to reach the right targets. Cybercriminals optimised their websites for specific search keywords, and in some cases, managed to get their malicious sites into the top three results of popular search engines.
“Our devices contain more valuable information about us and our finances than ever – and therefore are an ultimate target for various cybercriminals. The Swarez campaign demonstrates that tricking users into installing software from some unknown source remains an effective way of getting malware onto their devices. And cybercriminals invest in creating more complex schemes to convince users that what they are installing is not malware – to the point of emulating installation processes. This demonstrates that there is no middle ground – to stay safe from threats such as these, users need to stick to downloading software from trusted, official sources, because at the end of the day, the payment for making a mistake may end up being much higher than the cost of a game or other software,” said Anton V. Ivanov, security researcher at Kaspersky.