Cybercriminals are increasingly exploiting young gamers, with a 30% rise in attacks in the first half of 2024 compared to the latter half of 2023, according to a new report by Kaspersky.
The cybersecurity company found that over 132,000 users had been targeted by these scams, which use popular children’s games like Minecraft, Roblox, and Among Us as bait.
According to the report, “The number of unique users targeted by cybercriminals using popular children’s games as a lure surged by 30% in the first six months of 2024 compared to H2 2023.”
The report highlights that, from July 1, 2023, to June 30, 2024, Kaspersky’s security solutions detected more than 6.6 million attempted attacks. These attacks often used the names and branding of popular games like Minecraft, Roblox, and Among Us to trick young players. Minecraft was the most exploited game, with over 3 million attempted attacks. Cybercriminals often disguise malware as cheats and mods that users can download from third-party websites.
Rising tribe of cybercriminals ‘now tricking young gamers’
The report highlights that, from July 1, 2023, to June 30, 2024, Kaspersky’s security solutions detected more than 6.6 million attempted attacks. These attacks often used the names and branding of popular games like Minecraft, Roblox, and Among Us to trick young players. Minecraft was the most exploited game, with over 3 million attempted attacks. Cybercriminals often disguise malware as cheats and mods that users can download from third-party websites.
“Out of the 18 games we chose for this research, Minecraft still remains the most popular among cybercriminals. The primary reason is a range of Minecraft features that allow gamers to use cheats and mods to enhance and personalise their digital experience. In particular, cybercriminals tend to disguise malware under the guise of Minecraft’s mods and cheats, having launched 3 million attempts on over 120,000 users throughout the reported period,” says Kaspersky
Kaspersky researchers believe the popularity of these games, combined with the ability to use unofficial modifications and cheats, makes them attractive targets.
“Since the majority of mods and cheats are distributed on third-party websites, attackers disguise malware by posing as these applications,” says Kaspersky.
Cybercriminals are becoming more seasoned in their attacks. Kaspersky experts attribute the rise in successful attacks to two factors:
- Cunning Attacks: Attackers are exploiting current trends and crafting less obvious schemes to bypass traditional defences.
- AI-powered Phishing: Kaspersky experts believe that criminals are using Artificial Intelligence (AI) to automate and personalise phishing attacks, making them more likely to deceive young users. Additionally, readily available premade phishing templates on the dark web allow even novice attackers to create convincing fake gaming platform websites.
The report details two popular scams used by cybercriminals:
- Free Skins: Scammers offer desirable character upgrades (“skins”) in exchange for login credentials. One example involved a fake offer for a “Mr. Beast” skin for the popular game Valorant. The use of the popular YouTuber’s image is intended to grab children’s attention and lure them into the scam.
“By selecting this blogger and using his photo, the fraudsters aim to capture children’s attention and hook them into their fraudulent scam. To receive the desired Mr. Beast skin, young users are asked to enter their login and password for their gaming account, enabling their credentials to be potentially stolen by scammers as a result,” Kaspersky says.
- Fake In-game Currency: Another tactic involves the promise of free in-game currency. One example involved a scam exploiting the Pokémon GO brand. According to Kaspersky, players were directed to a fake survey, which led them to a fraudulent website promising free rewards.
“This is where the real scam kicks in,” Kaspersky explains. “The scammers aren’t actually after personal data like credit card details; they’re using the guise of gaming to lure users into another hoax — one involving fake downloads, prize claims, or other deceptive offers. The whole process is a clever way to redirect users to a different, more dangerous scam under the pretence of a legitimate verification step.”
Vasily Kolesnikov, security expert at Kaspersky says that “throughout our research, we see attacks on children are becoming a common vector of cybercriminals’ activities. That’s why cyber hygiene education and the use of trusted cybersecurity solutions are a ’must-have’ in building children’s safety in the online environment. By fostering their critical thinking, responsible online behaviour, and a strong understanding of the risks, we can create a safer and more positive online experience for this generation of digital natives.”
To combat these threats, Kaspersky recommends that parents maintain open communication with their children about online safety, help them create strong passwords, and enforce clear rules for internet use. The company also recommends security solutions, such as Kaspersky Premium, that can block malicious files from getting onto devices in the first place, along with parental control apps like Kaspersky Safe Kids to keep an eye on and manage kids’ digital behaviour.
Home
