A newly discovered cyber campaign is targeting gamers by embedding cryptocurrency mining software into pirated versions of popular games, with Russian-speaking hackers suspected of leading the operation. The primary victims of this attack are users in Russia, though cases have also been detected in Belarus, Kazakhstan, Germany, and Brazil, according to a recent report from Russian cybersecurity firm Kaspersky.
How the Attack Works: Trojanized Games and Cryptojacking
The attackers are using infected versions of well-known simulator and open-world games, including BeamNG.drive, Garry’s Mod, Dyson Sphere Program, Universe Sandbox, and Plutocracy, all of which were distributed through torrent sites. These platforms, commonly used for illegally sharing copyrighted content such as movies, music, and software, have long been a vector for malware campaigns.
Once downloaded and executed, these compromised games install XMRig, an open-source cryptocurrency miner primarily used to mine Monero (XMR), a privacy-focused digital currency. While XMRig itself is not inherently malicious, cybercriminals frequently abuse it to hijack a victim’s processing power without their consent, a practice known as cryptojacking. The stolen computational resources are then used to mine Monero, generating profit for the attackers while slowing down and overheating the victim’s hardware.
Why Russian Gamers Are Particularly Vulnerable
Russia has one of the world’s highest rates of software piracy. Torrents are widely used across the country, especially on platforms like RuTracker, where users download pirated versions of movies, TV shows, and games. The situation escalated after Western software companies and gaming publishers withdrew from Russia following its 2022 invasion of Ukraine, leaving many gamers with limited options for acquiring new games legally. As a result, piracy surged, creating a perfect breeding ground for cybercriminals to exploit unsuspecting users.
The hackers behind this cryptojacking campaign appear to have taken full advantage of these conditions. According to Kaspersky, the malware-laden game files were strategically placed on torrent sites as early as September 2024, ensuring they reached a large audience before the holiday season—a time when downloads and traffic on these sites typically spike.
Sophisticated Execution Chain: Evading Detection
Unlike rudimentary cryptojacking campaigns, this operation employed a highly sophisticated infection chain. Researchers discovered that before launching the cryptominer, the malware executed a preliminary scan of the infected system to detect the presence of antivirus software. If security software was found, the malware automatically terminated itself to avoid raising suspicion.
The attackers also carefully optimized their malware for execution on powerful gaming computers, ensuring they could sustain mining operations without immediate detection. Since gaming rigs are typically equipped with high-end GPUs and processors, they provide an ideal target for cryptojacking operations, yielding significantly higher profits for the attackers.
Additionally, beyond cryptominers like XMRig, pirated games often serve as a delivery mechanism for more dangerous malware. Other cyber threats commonly found in cracked games include:
- Botnets – Used to launch Distributed Denial-of-Service (DDoS) attacks or large-scale spam campaigns.
- Credential Stealers – Harvest user credentials, potentially leading to compromised banking, email, and gaming accounts.
- Trojan Horses – Enable remote access to a victim’s system, allowing attackers to spy on users or deploy ransomware.
New Year’s Eve Attack Timing: Capitalizing on Reduced Vigilance
Kaspersky’s investigation revealed that the campaign was launched on New Year’s Eve, a period when many people are off work and engaged in leisure activities, and when torrent traffic sees a sharp increase. The timing suggests a deliberate attempt to exploit reduced vigilance, with users more likely to download and install pirated software without scrutinizing its contents.
The attacks lasted for about a month, infecting both individual users and businesses. Kaspersky researchers noted that the malware had been detected on corporate computers as well, indicating that some employees had downloaded the infected games onto work systems—potentially leading to further security breaches within business environments.
Possible Attribution: Russian-Speaking Hackers Behind the Operation
Despite the scale of the attack, cybersecurity experts have not yet identified a known Advanced Persistent Threat (APT) group responsible for the operation. However, the use of the Russian language in the code and infrastructure suggests that the perpetrators are likely Russian-speaking hackers.
This is not the first time that cryptojacking malware has been distributed through illicit means. In September 2024, Russian cybersecurity firm F.A.C.C.T. uncovered a separate campaign that attempted to spread XMRig by embedding it in malicious email auto-replies, specifically targeting workers in Russia’s tech sector, financial industry, insurance companies, and retail marketplaces.
How to Stay Safe from Cryptojacking Attacks
Users who frequently download software, especially from unofficial sources, should take extra precautions to avoid falling victim to these attacks. Here are some essential cybersecurity practices:
- Avoid downloading pirated software – Illegal downloads not only violate copyright laws but also expose users to serious security risks.
- Use reputable cybersecurity software – A strong antivirus or endpoint protection program can detect and block cryptojacking malware before it executes.
- Monitor system performance – A sudden drop in PC performance, excessive CPU or GPU usage, or overheating could indicate cryptomining malware running in the background.
- Scan downloaded files – Before opening any software from the internet, scan it using VirusTotal or a similar malware-detection tool.
- Be wary of cracked games – Even if a game appears to work fine, hidden malware can still be running silently in the background.
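The "monitor system performance" advice above can be turned into a simple triage rule. The following is an added example, not code from the article or from Kaspersky's report: it flags processes whose CPU use stays high across consecutive samples and raises confidence when the command line carries strings from XMRig's documented options. The telemetry, process names, pool host and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Strings from XMRig's documented command line and pool URL schemes.
MINER_HINTS = re.compile(r"xmrig|stratum\+(?:tcp|ssl)://|--donate-level", re.I)
CPU_THRESHOLD = 80.0  # percent; assumed cut-off for "excessive" usage
MIN_STREAK = 3        # consecutive samples at or above the threshold

# Constructed telemetry: (minute, pid, image path, command line, cpu %)
SAMPLES = [
    (m, pid, image, cmd, cpu)
    for pid, image, cmd, cpus in [
        (4120, r"C:\Games\sim\game.exe", "game.exe -fullscreen", [60, 65, 58, 62]),
        (5332, r"C:\Users\u\AppData\Local\Temp\svc_helper.exe",
         "svc_helper.exe -o stratum+tcp://pool.example:3333 --donate-level 0",
         [92, 95, 94, 93]),
        (6010, r"C:\Tools\encoder.exe", "encoder.exe in.mkv out.mp4", [85, 88, 90, 40]),
        (7001, r"C:\Apps\browser.exe", "browser.exe", [90, 20, 85, 10]),
    ]
    for m, cpu in enumerate(cpus)
]

def longest_streak(values, threshold):
    """Length of the longest run of consecutive values >= threshold."""
    best = run = 0
    for v in values:
        run = run + 1 if v >= threshold else 0
        best = max(best, run)
    return best

def triage(samples):
    """Map pid -> verdict for processes that deserve a closer look."""
    by_pid = defaultdict(list)
    for _minute, pid, image, cmd, cpu in sorted(samples):
        by_pid[pid].append((image, cmd, cpu))
    findings = {}
    for pid, rows in by_pid.items():
        image, cmd = rows[-1][0], rows[-1][1]
        sustained = longest_streak([r[2] for r in rows], CPU_THRESHOLD) >= MIN_STREAK
        hinted = bool(MINER_HINTS.search(image + " " + cmd))
        if hinted and sustained:
            findings[pid] = "likely-miner"
        elif hinted:
            findings[pid] = "miner-indicators"
        elif sustained:  # a renamed miner with embedded config lands here
            findings[pid] = "review-sustained-cpu"
    return findings

if __name__ == "__main__":
    print(triage(SAMPLES))
```

A sustained-CPU finding with no miner strings is only a prompt for review, since legitimate workloads such as video encoding behave the same way.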
Conclusion
This latest cryptojacking campaign targeting Russian gamers highlights the ongoing risks of software piracy and the growing sophistication of cybercriminals. With torrents remaining a popular means of accessing software in Russia and other regions, malicious actors continue to find ways to exploit unsuspecting users.
The use of XMRig to mine Monero is a well-established tactic among cybercriminals, but the added layers of evasion and targeting of high-performance gaming computers indicate that cryptojacking operations are evolving. As hackers refine their techniques, staying informed and practicing safe online habits becomes even more crucial in the fight against cybercrime.


