When you’re a fan of first-person shooter games, the first thing you learn is how to aim and maintain your recoil. However, some players like to take the easy route by installing cheat codes. Well, things don’t seem easy anymore as threat actors are making their move by offering links that trick players into downloading RedLine, a powerful information stealer.
Recently, a malware distribution campaign has been targeting Valorant users on Windows. Apparently, they’re using YouTube to spread the malware in hopes of harvesting sensitive information.
The outcome is pretty bad, and the reach is definitely huge as the game has an estimated 12 million active players. What are the attackers after? How are they able to bypass YouTube’s security measures? Find out below.
Valorant Cyber Attack – RedLine Crossed Again
This is not the first time we’ve seen RedLine strike. In fact, a while ago, the malware targeted Windows users by posing as an update patch.
As mentioned, a lot of first-person shooter players are well-known for relying on cheat codes, especially aim-bots. Basically, these cheats allow them to hit the target no matter where their scope is pointed – just spray and you’ll get the kill.
However, threat actors are now preying on those who like to gain extra unfair advantages during gameplay. The attackers are finding new ways to bypass YouTube’s new content submission reviews.
Even if the platform manages to catch them, they would create new accounts when reported and blocked. Once the video is in place, the threat actors include a download link in the description section.
If we look closer at the description, the owner of the video (the attacker) is prompting users to turn off their antivirus. Apparently, they’re not so subtle, but yet again, some players are not that keen when it comes to security.
Once users click on the link, it’ll redirect them to the download page for what seems like an add-on installed in the game for extra aiming help.
Now, once installed, the malicious magic begins behind the scenes. Oh, and there’s a reason why the attackers asked the users to activate their VPN. It’s not a coincidence.
Once in place, RedLine collects basic information about the infected system as well as various user credentials. We’re referring to the following (research by ASEC):
- Basic information:
  - Computer name, user name, IP address, Windows version, system information (CPU, GPU, RAM, etc.), and list of processes.
- Web browsers:
  - Passwords, credit card numbers, AutoFill forms, bookmarks, and cookies.
- Cryptocurrency wallets:
  - Armory, AtomicWallet, BitcoinCore, Bytecoin, DashCore, Electrum, Ethereum, LitecoinCore, Monero, Exodus, Zcash, and Jaxx.
- VPN client account credentials:
  - ProtonVPN, OpenVPN, and NordVPN.
As ASEC reported, the damage done by RedLine is huge. That’s basically due to the fact that auto-aiming bots are highly sought-after for multiplayer games like PUBG and Valorant.
Valorant Cyber Attack – You Cheat, You Drop RedLine
The lesson here is quite simple: Unless it’s an official YouTube channel, you should never trust any links shared in the description, especially when the videos promote free software of various types.
You should know that nothing comes for free, except in some rare cases. These types of software are not legit, and they’re often used by newly created channels as lures.
You need to know the difference and to stay vigilant whenever you’re downloading anything. Oh, and by the way, installing cheat codes takes the fun out of the game. Don’t do that.