Security analysts at ASEC, a Korean cybersecurity firm, have spotted a malware campaign that uses Valorant cheats as a lure to distribute the RedLine stealer.
The campaign points to a download link for an aimbot for Valorant, a popular first-person shooter by Riot. This kind of abuse is relatively common, as threat actors can easily bypass YouTube’s new content submission reviews or simply create new accounts.
The aimbots claim to let players aim at enemies and shoot without much skill, which makes them highly sought-after for popular titles such as Valorant because they allow far quicker rank progression in-game. Users who download the file get a RAR archive named which contains an executable called “Cheat installer.exe”.
Cheating can lead to bigger problems
What appears to be an installer for the cheat, which works as an in-game add-on, is actually the installer for RedLine stealer, one of the most widely used password-stealing malware families. It can steal the following information from the victim’s computer:
- System information: This includes the computer name, Windows username, IP address, Windows version, system hardware details and a list of currently running processes.
- Web browsers: Saved passwords, credit card numbers, autofill form data, bookmarks and cookies. This covers Chromium-based browsers such as Chrome and Edge; Firefox is also vulnerable.
- VPN clients: The malware can also get your account credentials from VPN clients including ProtonVPN, NordVPN and OpenVPN.
- Cryptocurrency wallets: Armory, AtomicWallet, BitcoinCore, Bytecoin, DashCore, Electrum, Ethereum, LitecoinCore, Monero, Exodus, Zcash, and Jaxx are vulnerable to data theft from RedLine.
- Other programs: These include FileZilla, Steam, Discord and Minecraft.
Once RedLine has the information it needs, the malware packages everything in a zip file called ‘().zip’ and exfiltrates it to the operator with a webhook API POST request to a Discord server.
The use of Discord in such campaigns isn’t new. It’s a widely used platform that threat actors abuse to operate bots and as a command and control centre. Besides, cheats in general not only ruin the game for everyone involved but have historically been a constant source of malware and viruses for those who decided to use them.
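The exfiltration step described above, a POST of an archive to a Discord webhook, is something a defender can look for in outbound web logs. The script below is an added illustration and is not code from the article or from ASEC: it scans constructed proxy log lines (the log format, the field names, the process allow-list and the size threshold are all assumptions chosen for this example) and flags webhook POSTs that come from an unexpected process, carry an archive-like body, or are unusually large.

```python
"""Flag outbound Discord webhook POSTs that look like stealer exfiltration.

Added example for this article; the log lines below are constructed, and the
log format, allow-list and thresholds are assumptions, not a vendor's rule.
"""
import re
from dataclasses import dataclass, field

# Discord webhook endpoint pattern (discord.com or the older discordapp.com host).
WEBHOOK_RE = re.compile(
    r"https?://(?:discord(?:app)?\.com)/api/webhooks/\d+/[\w-]+", re.IGNORECASE
)

# Processes that are expected to talk to Discord on this (assumed) estate.
EXPECTED_PROCESSES = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Assumed proxy log layout: one record per line, key=value fields, no spaces in values.
LOG_LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) method=(?P<method>\S+) "
    r"url=(?P<url>\S+) ctype=(?P<ctype>\S+) bytes=(?P<bytes>\d+)$"
)

# Constructed sample records (not real telemetry). Record 2 mimics the
# behaviour the article describes: a fake cheat installer uploading an archive.
SAMPLE_LOG = [
    "2022-03-11T10:00:01Z host=ws01 proc=discord.exe method=POST "
    "url=https://discord.com/api/webhooks/1234567890/abcDEF-xyz_123 "
    "ctype=application/json bytes=512",
    "2022-03-11T10:02:17Z host=ws01 proc=cheat-installer.exe method=POST "
    "url=https://discord.com/api/webhooks/1234567890/abcDEF-xyz_123 "
    "ctype=multipart/form-data bytes=2400000",
    "2022-03-11T10:03:40Z host=ws02 proc=chrome.exe method=GET "
    "url=https://discord.com/api/v9/users/@me ctype=- bytes=0",
    "2022-03-11T10:05:09Z host=ws03 proc=python.exe method=POST "
    "url=https://discordapp.com/api/webhooks/987654321/qrs-TUV_789 "
    "ctype=application/json bytes=200",
]


@dataclass
class Alert:
    host: str
    process: str
    url: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    return rec


def assess(rec, size_threshold=100_000):
    """Return an Alert for a suspicious webhook POST, else None."""
    if rec is None or rec["method"].upper() != "POST":
        return None
    if not WEBHOOK_RE.match(rec["url"]):
        return None
    reasons = []
    if rec["proc"].lower() not in EXPECTED_PROCESSES:
        reasons.append(f"unexpected process {rec['proc']}")
    ctype = rec["ctype"].lower()
    if any(tag in ctype for tag in ("multipart/form-data", "zip", "octet-stream")):
        reasons.append(f"archive-like upload ({rec['ctype']})")
    if rec["bytes"] >= size_threshold:
        reasons.append(f"large body ({rec['bytes']} bytes)")
    if not reasons:
        return None
    return Alert(rec["host"], rec["proc"], rec["url"], reasons)


def scan(lines):
    """Run the check over an iterable of log lines and return the alerts."""
    return [a for a in (assess(parse_line(line)) for line in lines) if a]


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"{alert.host} {alert.process}: {'; '.join(alert.reasons)}")
```

The allow-list of expected processes is the part worth tuning: a legitimate bot running under python.exe will trip the "unexpected process" check on its own, so in practice a single weak reason is a candidate for triage while the combination of unknown process, multipart body and large size is the pattern that matches what the article describes.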
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at firstname.lastname@example.org, or follow him on Instagram or Twitter.