Video games are a favorite pastime for millions of kids and teenagers worldwide, offering exciting challenges, epic battles, and opportunities to connect with friends online. But what happens when the search for an edge in these games—like cheats or special hacks—leads to something far more dangerous?
McAfee Labs has uncovered a growing threat aimed at gamers, especially kids, who unknowingly download malware disguised as game hacks, software cracks, and cryptocurrency tools.
Here’s what you need to know about this sneaky scam and how to stay safe:
The Games and Platforms at Risk
Popular games like Minecraft, Roblox, Fortnite, Apex Legends, and Call of Duty are among those targeted by these scams. Gamers searching for cheats to gain an advantage—like seeing through walls, speeding up characters, or unlocking premium items—are being lured to malicious links. These links often appear on GitHub, a platform where developers share and collaborate on code, or in YouTube videos claiming to offer step-by-step instructions.
GitHub is typically trusted by programmers and tech enthusiasts, but cybercriminals exploit this trust by uploading malware that masquerades as game hacks. By naming their repositories after popular games or tools, scammers trick users into downloading malware instead of the promised cheat software.
How the Scam Works
The process starts when someone searches online for free cheats or cracked software—like tools to unlock premium features of Spotify or Adobe—and stumbles upon a GitHub repository or a YouTube video. These repositories often look convincing, with professional descriptions, screenshots, and even licenses designed to appear legitimate.
Figure 1: Attack Vector
Once users follow the instructions, they’re often asked to disable their antivirus software or Windows Defender. The reasoning provided is that antivirus programs will mistakenly identify the hack or crack as dangerous. In reality, this step clears the way for malware to infect their device.
What Happens After the Malware is Downloaded?
Instead of receiving a functional cheat, victims unknowingly install a dangerous program known as Lumma Stealer or similar malware variants. This software quietly:
- Steals sensitive data: It searches for login credentials, cryptocurrency wallets, and saved passwords.
- Tracks activity: It scans the user’s browser history and data for anything valuable.
- Connects to a remote server: Once it gathers data, the malware sends it to the scammer’s server for further exploitation.
Each week, new repositories and malware variants appear as older ones are detected and removed. This cycle makes it difficult for platforms like GitHub to completely eliminate the threat.
Why Are Kids Being Targeted?
Kids and teens are prime targets because they often lack experience in identifying online scams. The promise of features like “Aimbots” (to improve shooting accuracy) or “Anti-Ban” systems (to avoid getting caught by game administrators) makes these fake downloads even more tempting. Scammers exploit this curiosity and eagerness, making it easier to trick young gamers into infecting their devices.
Figure 2: YouTube Video containing malicious URL in description.
How to Protect Yourself and Your Family
McAfee Labs offers these tips to avoid falling victim to these scams:
- Be skeptical of free hacks or cracks: If it sounds too good to be true, it probably is. Avoid downloading software from unverified sources.
- Keep antivirus software up to date: Always have an active antivirus program running on your devices to detect and block malware.
- Educate kids about online safety: Teach them to recognize suspicious websites and downloads. Remind them to never disable antivirus programs or click on unfamiliar links.
- Verify links and sources: Before downloading anything, check the website’s URL for inconsistencies or unusual details.
- Monitor device activity: Regularly check for unfamiliar files or programs on your devices.
A Lesson in Cybersecurity
The takeaway? Scammers will go to great lengths to exploit the interests and habits of gamers. And unfortunately, this isn’t the first time we’ve seen such malware attacks targeting gamers. By educating yourself and your family about these threats, you can play smarter and stay safer online. Always remember: no cheat or crack is worth compromising your security.
Read the full report from McAfee Labs outlining our research and findings on this malware risk. Learn more about how you can protect yourself with McAfee+.
Stay Updated
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.
