#1267188: Fake CS: GO, PUBG, Rust Cheats Push Password-Stealing Trojan

Description: Some users of online team-based shooters, battle royale, or survival games commonly use game hacking or cheats to give themselves an advantage over their opponents. Unfortunately, in many cases these cheats do nothing but compromise the user's own data as installing them infects a computer with password and information stealing Trojans.

Such is the case with a malicious campaign discovered by security researcher .sS.! where a YouTube user named Pirate Hack is creating videos that offer free aimbot, wall hack tools, and cheats for popular games such as CS GO, PUBG, and Rust.

These videos will demonstrate supposed game hacks and then include a mega.nz download link in the description where a user can download the tool for free.

A fake Rust hack
BleepingComputer tested one of the promoted tools in the form of a fake Rust hack shown in the video above.

When you download the fake game cheat, it will come as a ZIP file that contains numerous files as well as instructions on how to use the game cheat. The instructions called TUTORIAL.txt tells the user to "disable the antivirus, since this cheat has an injector on which the antivirus swears."

In our test, the Rust hack tool is named RUSThack.exe and is a C# application. When executed, the RUSThack.exe will extract a file named svchost.exe to the %Temp% folder. This file is the legitimate Visual Basic Command Line Compiler from Microsoft.

The fake hack tool will then execute svchost.exe and inject the AZORult DLL into the process, which will then collect various data from your computer including browser and FTP passwords, browser history, and more. This data is then sent back to the attacker.

The original RUSThack.exe will also be copied to the %Temp%\FolderN file and will be configured to start automatically when you login to Windows.

.sS.! also told BleepingComputer that game hacks and cheats are not the only scams underway that are pushing the AZORult Trojan. The researcher has also spotted fake Windows Updates, cracked Nord VPN installations, and VMWare key generators being used to spread AZORult.

AZORult is a favorite among threat actors who go as far as creating elaborate sites and tools to drop the infection on unsuspecting users. For example, in the past we have seen fake VPN software called PirateChick and a fake Windows system optimizer called G-Cleaner being used to spread this infection.

Cheats are just not worth it
While the thrill of winning an online game is enough to make people attempt to cheat, in the end it is just not worth it.

By installing these tools, your passwords, logins to online financial sites, browser history, files, and more will be stolen by the attackers and used to steal money or perform identity theft.

Be smart and get better on your own. The alternative is far worse then losing a game.
More info: https://www.bleepingcomputer.com/news/security/fake-cs-go-pubg-rust-cheats-push-password-stealing-trojan/

Date added July 12, 2019, 6:59 a.m.
Source Bleeping Computer
Subjects
  • All New Malware or Attack Alerts - New Reports / IOCs in
  • AZORult Malware -TA516 threat group / Gazorp / Aurora Ransomware / Oktropys
  • General Malware - New Reports in
  • Scam/Fraud/Hoax Alerts