The much anticipated Harry Potter game Hogwarts Legacy was released to a rather warm welcome from the public on February 10. While cracked versions of the game are already available, it was found that these cracks are installing adware or require the user to go through a survey scam to collect data such as name, email and phone number.
Malware intelligence analyst Stefan Dasic looked at a few websites offering the cracked version of the game for free. One website, games-install.com, asked the user for an activation key to install the game after the download. In order to get the key, the user has to go through a survey that either leads to a dead end or provide data such as their phone number.
A lot of the sites Dasic reviewed redirected to gameportpc.ru, which then redirects to different sites that host a file named Hogwarts_Legacy_Setup.exe. However, as soon as the user clicks the download button, 7-Zip, a legitimate file compression program, is downloaded instead.
If gameportpc is visited directly, that same downloaded file becomes a trojan dropper and installs generic adware on the user’s PC instead. It’s safe to assume that the downloaded 7-Zip executable is also combined with the adware and acts as a dropper, while also installing 7-Zip as a ruse.
Malwarebytes can detect both the dropper and adware as Trojan.Dropper and Adware.Agent.Generic. The program also blocks any fake sites that might be pushing Hogwarts Legacy game cracks.
Game cracks are a popular source of malware or adware infections and numerous other scams. Since cracked games work via file alterations or other changes made to a game and are make otherwise paid games available to download for free, they also fall under software piracy and are deemed illegal in many parts of the world.
This means that websites offering such downloads are often left unmonitored and are run by malware operators looking to trap gamers that might want to save a buck by downloading a game for free. Considering the steep price tag most new games launch these days (Hogwarts Legacy is currently selling for $60 on Steam), this often turns out to be an effective infection vector.
In the News: Novel ransomware dubbed ‘MortalKombat’ used in malware attack