ESET researchers discovered a new sneaky malware named Joao, spreading via computer games published on unofficial websites. Joao is modular malware capable of downloading and running other malicious code.
“To spread their malware, the attackers behind Joao have misused massively-multiplayer online role-playing games. They modified the games to make them capable of downloading further malware,” explains Tomáš Gardoň, Malware Analyst at ESET.
ESET research has shown that the criminals behind the campaign misused several game titles by Aeria Games and served their modified versions on unofficial websites. The one that remained active in spreading the malware, gf.ignitgames[.]to, is blocked by ESET security products.
The games laden with Joao were able to gather information about the infected computer and then download additional components offered by the Command&Control server. The Joao components ESET researchers discovered during their research had backdoor, spying, and DDoS capabilities.
“The infection process is well hidden from the victims and these modified games work as expected. Once a game-hungry user jumps into downloading the modified game, there is nothing to raise their suspicion. Those who are not protected with a reliable security solution simply end up with their computers infected,” warns Gardoň.
More information about the Joao malware – how it works, how to spot it and how to get rid of it – can be found in Tomáš Gardoň’s article at ESET’s blog , WeLiveSecurity.com.
ESET security experts have also compiled a set of recommendations to help gamers enjoy gaming without being faced with threats. With the gamescom fair bringing gaming furhter into the spotlight, following such advice is even more important.
- Favor official sources whenever possible.
- Keep your games updated.
- Use a reliable security solution and keep it turned on while gaming.
- Keep in mind that there are other threats targeting gamers. Check out ESET’s further security tips for gamers.
About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.