Gaming is an addiction but for cyber criminals, it is a lucrative business.
IT security researchers at ESET have discovered a new malware targeting gamers around the world. Dubbed “Joao” by researchers; the malware exists in third party websites offering malicious setups for Aeria games.
The malware works in such a way that once executed it can install other malicious codes on a targeted device. Furthermore, Joao takes advantage of “Massively multiplayer online role-playing games (MMORPGs),” a platform for role-playing video games and massively multiplayer online games where a large number of gamers get together to interact.
Screenshot of one of the third party sites hosting malicious game files for Aeria games (Image: ESET)
The attackers behind Joao have developed the malware in such a way that when a victim executes the game launcher, it silently launches itself in the background and sends device information to the attackers including its operating system, name and what privileges a user has on that device. At the same time, the game runs for the user without any disruption or sign of malicious activity.
Based on the device’s analysis Joao decides which component should be installed on the system. According to ESET researchers, they found components with the ability to conduct distributed denial-of-service (DDoS) attacks, backdoor, and spying on a targeted user.
Currently, Joao is targeting users in Argentina, Brazil, Mexico, Peru, Indonesia, Thailand, and the Philippines. However, It is a matter of time before it starts spreading to other countries since Aeria games are published in North America and Europe as well.
To check if your computer is infected with Joao malware, ESET researchers have suggested searching for “mskdbe.dll” file. In case the search result shows a file with this name it means you are a victim. However, attackers can also rename the file to something else. Therefore, make sure not to download unnecessary apps or games on your computers.
(Image: ESET)
Also, make sure to keep your operating system and anti-virus software updated. As for the targeted users, do not download Aeria games from third-party websites. Aeria has a social media presence on Twitter and Facebook; it is highly advised to report the malicious game files to the developers.
At the time of publishing this article, third-party sites were still operational however ESET has informed the developers about the issue, and it is expected that the company will take some actions soon.
