Cofense Email Security

Gamers, beware. You are a target for crypto-mining botnets.

Many gamers are unaware that they are either potential targets for mining botnets or that they may already be mining cryptocurrencies for cybercriminals.

Why are gamers targets? Think about it. Mining requires a large graphics card (GPU), a dedicated Internet connection and an uninterrupted power source. Gamers use powerful and immersive, high-performing GPU’s to stay online and play networked games without interruption. It’s the perfect recipe for crypto mining.

Blockchain technology enables crooks to crypto-mine with ease.

Blockchain technology plays a key role here. It acts as a powerful intermediary to protect the privacy of participants, allowing them to “monetize” their own information. The Blockchain network orders transactions by putting them together into groups called blocks. Each block contains a definite amount of transactions and a link to the previous block. The most distinct features of this technology are a distributed database or ledger and the fact that transaction details are shared and maintained by a network of computers.

Blockchain has become a key technology because of its ability to record and keep track of assets or transactions without a need for intermediary organizations. Cryptocurrencies use this technology for record keeping. Crypto mining is the method in which transactions on the crypto blockchain are confirmed and processed. Those who perform the crypto mining process are referred to as miners and they’re rewarded for their assistance with a percentage of the transaction fee charged to the user.

With the race to mine cryptocurrency the miner needs a faster way of solving the mathematical algorithms to generate coins. Since gamers have the right hardware, more specifically a good GPU, it gives the cybercriminals a great opportunity to utilize their highend gaming PCs for mining.

Here are a few ways attackers “game the gamers.”

Cybercriminals may have many ways to get a victim’s computer to secretly mine cryptocurrencies. The most popular way is to trick victims into loading crypto-mining code onto their computers, then trick users, in this case gamers, with legitimate-looking emails. These phishes of course use lures: a new game as a reward, vouchers for game purchases or gaming credits, all of which encourages gamers to click on a link. We see phishing attackers play on victim’s emotions all the time, exploiting the desire for reward, curiosity or outright greed.

Attackers also use social engineering techniques to distribute mining malware codes. For example, gamers with common interests are quite often connected with one another in multiplayer games. They have become rich targets. Cybercriminals send spoofed emails from another player, with an invitation or challenge to play games in special virtual rooms.

Most often, attackers send spoofed emails from popular online game stores with a warning that the recipient’s account is suspended, or with a notice about in-game purchases they’ve made. The email asks them to click on the link to verify the details.

Once the gamer clicks on the phishing URL, it downloads the crypto-mining script on the gamers’ computer. The script runs in stealth mode as a background process. The other method is to inject a script on a website. Once victims click on the phishing link and visit the infected website from their browsers, the script automatically executes. No code is stored on the victims’ computers. Whichever method is used, the code runs complex mathematical problems on the gamers’ computers and sends the results to a server that the cybercriminal controls.

Quick tips to avoid being phished.

Keep these tips in mind to help you identify phishing emails:

  • Think twice. Read emails thoroughly and be wary of offers that seem too good to be true. Don’t open attachments or download files from unexpected emails; they may have viruses that can harm your computer.
  • Keep your emotions in check. Phishers frequently use emotions like greed, fear, reward or curiosity to trick recipients.
  • Always verify. Verify that the email is from the real sender before engaging. Beware of unfamiliar gamers. If the email pretends to be from an online gaming vendor and you`re concerned the message is legit, search for the company’s real contact information and reach out to them directly.

In other words, be vigilant. You’ll lower your risk of getting phished and being played by crypto-miners, so it can be game on – not game over!

Learn more about spotting phishing emails—read these simple tips.

Share This Article


We use our own and third-party cookies to enhance your experience. Read more about our cookie policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.