In short: Security researchers have discovered another malicious campaign designed to deceive people who are trying to cheat in online games. Players looking to gain an unfair advantage over their opponents in Valorant may be faced with another tool designed to steal their sensitive information.
Cheaters in popular multiplayer games are nothing new, and their numbers have increased significantly during the pandemic as more people turn to games as a source of entertainment. Companies have tried to address this growing problem with improved anti-cheat technologies, but most of the efforts have been undermined by source code leaks, as well as an army of motivated cheat developers who are quick to adapt to any new developments in the field.
Valorant’s anti-cheat software has been a big source of controversy over its use of kernel-level drivers to combat cheaters, but it has also resulted in fewer of them in this particular game. However, some people are desperate enough to search the internet for anything that could give them an unfair advantage over other players, so attackers are meeting that demand with malware campaigns.
According to Korean security researchers at ASEC, some Valorant players are now being tricked into downloading and running software that is advertised on YouTube as a game hack but is actually just a delivery system for a powerful information stealer called RedLine. Attackers can do this quite often, as they can easily bypass content submission verification and create a new account whenever one is reported and banned.
As is the case with all cheat software, people downloading alleged Valorant cheats are asked to disable their antivirus software and use elevated privileges to ensure that the cheats install and run smoothly. However, these are also exactly the conditions malware needs to install itself on the system automatically, without the need for complex exploits.
RedLine is one of the most widely used information stealers. Once installed, it will exfiltrate a wide range of sensitive data, including passwords, credit card information, browser cookies, bookmarks, browser history and cryptocurrency wallets, as well as credentials for things like Steam, Discord and more. The stolen information is packaged in a zip file and sent to a Discord server.
Similar malware campaigns built on social engineering are becoming more common. Last year, rogue software for Call of Duty: Warzone was found to contain malware known as a “dropper” that can take control of a player’s system and install additional malware. It goes without saying that you shouldn’t spoil other players’ enjoyment of online play, but such malware campaigns serve as a reminder that cheating is not safe, no matter what cheat makers tell you about their offerings.