Playing Hearthstone? Want to cheat? You might end up with Bitcoin-stealing malware
It’s widely known that online gamers make great targets for cyber criminals: their dedication and enthusiasm for the game(s) often leads them to disregard warnings both from the games’ creators and security firms aimed at keeping themselves and their computers safe.
Each popular game attract a set of cyber crooks looking to take advantage of everything they can. Take for example Hearthstone, a free-to-play card game based on World of Warcraft.
In order to play well, the players need to have a good assortment of cards, and cards can be either bought with real money, or with “gold” and “dust”, which are acquired by playing the game, doing quests, or by destroying opponents’ cards.
Naturally, some players will want to find a way to earn those things faster, and here is where the crooks come in.
“Symantec has recently observed Trojan.Coinbitclip posing as a Hearthstone gold- and dust-hacking tool,” says researcher Lionel Payet. “Because Bitcoin addresses are long and include random characters, many users who mine Bitcoins use a clipboard to facilitate the process. Trojan.Coinbitclip hijacks the user’s clipboard and replaces the user’s Bitcoin address with one from its own list—this is how the malware steals someone’s Bitcoin. The sample we have observed has 10,000 Bitcoin addresses in its body. The Trojan selects an address from the list that most closely resembles the address it is replacing.”
Other players might not be into this particular scheme, as it’s effectively cheating, but have nothing against using third-party tools that track cards in their deck and in this way help them play better.
Again, cyber crooks have in their arsenal tools they can offer to this more principled group of players. “In December 2015, Symantec saw that attackers disguised Backdoor.Breut as one of these add-ons by using the file name Hearthstone Deck Tracker.exe. This threat is capable of opening a back door, recording from the webcam, logging key strokes, and stealing passwords,” pointed out Payet.
Looking for bots that will play part of your game for you and earn gold and dust while you do other things? Yes, you’ve guessed it – the software can easily come bundled with malware.
And what may seem even worse for some players, the software/malware they download doesn’t actually do what it claims to do.
Unsurprisingly, Blizzard, Hearthstone’s creator, does not approve of any of these “shortcuts” for the game, but unfortunately that doesn’t prevent players from trying to use them.
But maybe, in cases like these, they should think twice (or thrice!) before doing so – not because cheating is wrong and should bring no satisfaction, but because the risk to themselves might simply be too high.