Valorant cheats on YouTube are actually information-stealing malware

Credit to Author: Christopher Boyd | Date: Wed, 16 Mar 2022 12:21:14 +0000

Valorant, the popular free-to-play team-based shooter, is attracting the attention of scammers. It’s reported that a malware distribution campaign is leveraging YouTube to push infection files. The campaign distributes a file known for password theft, which hunts for those passwords in browsers, cookies, a variety of cryptocurrency wallets, VPN clients, and many more besides. It then zips the stolen data and sends it via a Discord webhook (a method for sending updates to Discord channels).
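A defender's view of the exfiltration step described above, as an added example that is not from the original article: it scans proxy logs for POSTs to Discord webhook endpoints made by processes with no reason to use them. The log format, process names, allowlist and webhook IDs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Discord webhook endpoints: /api/webhooks/<numeric id>/<token> (optionally /api/vN/...)
WEBHOOK_PATH = re.compile(r"^/api(?:/v\d+)?/webhooks/(\d+)/[\w-]+/?$")
DISCORD_HOSTS = {"discord.com", "discordapp.com", "ptb.discord.com", "canary.discord.com"}
# Assumption: the only software in this environment expected to post to webhooks.
EXPECTED_PROCESSES = {"ci-notifier.exe"}

# Constructed proxy log: time host process method url content_type bytes_out
SAMPLE_LOG = """\
2022-03-16T12:01:07Z PC-07 chrome.exe GET https://discord.com/channels/@me - 0
2022-03-16T12:02:30Z BUILD-01 ci-notifier.exe POST https://discord.com/api/webhooks/100000000000000001/EXAMPLE-TOKEN-A application/json 412
2022-03-16T12:03:44Z PC-12 free_cheat.exe POST https://discord.com/api/webhooks/100000000000000002/EXAMPLE_TOKEN_B multipart/form-data 2381144
2022-03-16T12:05:02Z PC-03 updater.exe POST https://discordapp.com/api/v10/webhooks/100000000000000003/EXAMPLE-TOKEN-C application/json 230
2022-03-16T12:06:19Z PC-03 updater.exe POST https://example.com/api/webhooks/1/abc application/json 120
"""

def find_webhook_uploads(log_text, min_bytes=10_000):
    """Return one finding per POST to a Discord webhook from an unexpected process."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip blank or malformed lines
        ts, host, process, method, url, ctype, size = fields
        parts = urlsplit(url)
        match = WEBHOOK_PATH.match(parts.path)
        if method != "POST" or not match:
            continue
        if (parts.hostname or "").lower() not in DISCORD_HOSTS:
            continue  # same path shape on another host is not a Discord webhook
        if process.lower() in EXPECTED_PROCESSES:
            continue
        reasons = ["unexpected process"]
        if ctype.startswith("multipart/form-data"):
            reasons.append("file upload")  # webhook file attachments are multipart
        if size.isdigit() and int(size) >= min_bytes:
            reasons.append("large body")
        # The webhook token is deliberately left out of the finding.
        findings.append({"time": ts, "host": host, "process": process,
                         "webhook_id": match.group(1), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in find_webhook_uploads(SAMPLE_LOG):
        print(finding)
```

A finding that carries all three reasons (unexpected process, file upload, large body) is the one that most closely matches a zipped archive leaving the machine.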

When history repeats itself

As mentioned by Bleeping Computer, using YouTube in this way is not a new tactic. It’s a quick, easy way to try and make malicious off-site links go viral.

How do they convince people to run the infection file? They tell people to download a file and run it with security software switched off. They then disable the comments to avoid awkward questions, or leave them on and fill them with scammer-controlled spam saying how good the file is. Then they ruthlessly delete all the other replies posting warnings.

This is the basis of a basic YouTube scam. We note that some of the above techniques are being used in the malware distribution campaign referenced.

What is the bait being used?

Cheats will cheat for many reasons in a video game, especially if it’s competitive. Why spend hours practising the game to meet your cheat-laden objectives if you can just cheat some more? Aim-bots have been a plague in the shooter landscape for many years, and there’s no shortage of fakes alongside the genuine articles.

At the most basic level, aim-bots will help you target other players more easily. They may include wall-hacks, rapid fire, radar interference, the sky’s the limit. Online titles frequently include several forms of anti-cheat to detect hacks and (potentially) contribute toward a ban. As a result, top-tier cheat tools which try and bypass the detection on offer can fetch a pretty price.

An aim-bot or other cheat tool offered up for free on YouTube sounds too good to be true, and that’s precisely because it is indeed too good to be true. Although the example from the article leads to a sharing site called “Anonfiles”, a lot of the time more well-known file sharing portals are used. There may well be an advert or survey to click through on those sites too, which means potential extra revenue.

Finally, many scams of this nature use URL shortening services. This helps to hide the real landing page from casual observers, adds another layer of familiarity (“Oh, it’s Bit.ly”), and may also give the malware authors detailed clickthrough statistics.

How to avoid being caught by these scams

We may have touched on a few of these above, but even so, they’re worth repeating.

  • Do not, under any circumstances, switch off your security protection. There’s no reason to do this when installing games in almost any situation I can think of. It’s pretty rare these days to run into an issue where a legitimate game file is prevented from performing a task by security software. I think that’s happened to me perhaps twice in something like 10 years, and I install a lot of games on PC.
  • Check out the comments. Are they all strangely positive? Do they all claim the thing being offered worked like a charm with no problems whatsoever? Are the accounts brand new, or old accounts which seem to have only recently taken an interest in cheating? Alternatively, are the comments simply switched off? Both of these can be massive red flags when dealing with game cheat files.
  • What other content is the account promoting cheat software pushing? Is it a bunch of identical cheat videos with a few bits of text switched around? Surveys? Millions of free [insert game currency here] points via some sort of website-based generator tool? These are all signs that something is most definitely not right.
  • Finally: even if the source is entirely legitimate and the supposed cheat tool does in fact work? You’re playing with fire. Game cheats are routinely banned in huge numbers for all sorts of reasons. Steam, Epic store, PlayStation network, it doesn’t matter. Valorant has its own anti-cheat system and it’s quite unlikely you’re going to find a YouTube freebie which gets around it.

Do the sensible thing and give game cheating tools a very wide berth. It’s simply not worth risking your gaming accounts being stolen, or your account being banned, or a horrible combination of both.

The post Valorant cheats on YouTube are actually information-stealing malware appeared first on Malwarebytes Labs.
