Wallet Drainers Target Almost 5 Million Video Game Players

While the majority of victims of the massive malware campaign used pay-to-cheat services, many did not use this type of aid and instead experienced attacks after playing with VPNs and performance-enhancing tools

Compromised accounts experienced the theft of credentials and cryptocurrency, along with unauthorized purchases

Today, the team behind VX-Underground, an educational platform focused on cybersecurity and malware, shared troubling news with its X community about cryptocurrency users who rely on pay-to-cheat services for popular video games.

According to VX-Underground, an unidentified threat actor is currently conducting a massive infostealer campaign, which had impacted almost 5 million player accounts at the time of publication. The victims have experienced theft of their gaming accounts and unauthorized purchases. Many of the victims, who also happened to be cryptocurrency users, especially those relying on Electrum BTC wallets, lost their digital assets.

The largest group of victims in this attack consists of users who rely on the pay-to-cheat services mentioned earlier. Providers of such services offer players tools like cheats and hacks, which give them a competitive edge in video games.

According to VX-Underground, PhantomOverlay, a team supplying Call of Duty players with cheats, was the first to detect fraudulent activity.

"A Call of Duty cheat provider, PhantomOverlay, was alerted to fraudulent activity when user accounts began making unauthorized purchases," VX-Underground reports. The team emphasizes that "the cheat provider was the first to notice the fraudulent activity and reached out to the suspected victim."

After identifying the first victim, it became clear that this was just one of many compromised accounts. At press time, it was estimated that 1,365 PhantomOverlay accounts had fallen victim to the campaign.

Damage statistics from VX-Underground
Source: VX-Underground, X

While this number is alarming, it pales in comparison to the accounts compromised on other platforms. For instance, 561,183 Activision and 572,831 UnknownCheats accounts were affected, while 3,662,627 accounts registered on Blizzard Entertainment’s digital distribution platform Battle.net were targeted by the malicious actor.

Additionally, the compromise of 117,366 Elite PVPers accounts was also identified; however, this number may be even higher.

"When Elite PVPers was approached by PhantomOverlay administrative staff about the compromised accounts, Elite PVPers confirmed that they had identified over 40,000 valid user accounts as compromised," VX-Underground explains. The team assumes that these stolen credentials were separate from those mentioned earlier. Acknowledging the possibility of duplicates, VX-Underground adds: "Due to the volume of data, we have not been able to thoroughly review it for duplicates."

Interestingly, Activision Blizzard is now cooperating with cheat providers to assist users affected by the malware attack.

While the majority of the damage was inflicted on pay-to-cheat players, VX-Underground stresses that not all victims are cheaters. "Some impacted users utilized gaming software for latency improvement, VPNs, and Controller Boosting software," the team states.

The exact type of malware used in the recent wave of attacks has not yet been identified.