A recent surge of undisclosed malware has purportedly been targeting gamers and draining their Bitcoin (BTC) wallets in a new campaign aimed at both cheaters and players. The malware, as reported by the vx-underground repository on March 28th, is attributed to an unidentified threat actor. It is designed to steal login credentials, particularly from users of pay-to-cheat video game software.
 
Massive Losses
The attacks have affected various gaming communities, including over 4.9 million accounts associated with Activision Blizzard and its gaming platform Battle.net, as well as accounts on Elite PVPers, a game-focused trading site, and the cheat software markets PhantomOverlay and UnknownCheats.
Affected users have reported that their cryptocurrency was drained, notably from their Electrum BTC wallets, although the precise amount stolen remains undisclosed, according to vx-underground. PhantomOverlay, in a Telegram post dated March 27th, disputed the reported number of hacked accounts, suggesting that a significant portion of the logins retrieved may be invalid. It described the malware as part of a network of free or low-cost software that originates from commonly used gaming utilities such as latency programs or VPNs.
 
Damage Control
The campaign has been described as the most extensive infostealer malware campaign within the gaming and cheating community. PhantomOverlay admitted having suspicions about the source of the malware but acknowledged difficulties in proving its origins.
Activision Blizzard has been in contact with cheat-selling platforms and pledged assistance to the millions of affected users, according to PhantomOverlay. An Activision Blizzard spokesperson stated that while they were aware of claims regarding compromised credentials due to unauthorized software, their servers remain secure. They advised users to change their passwords as a precaution.
Vx-underground noted that fraudulent activity was flagged when unauthorized purchases were made using compromised accounts. PhantomOverlay confirmed reaching out to the alleged victims and identifying additional affected users thereafter.