The low hanging fruit? Dangerous stealer disguised as games and other software shows up on first page in search engine results

Even with more ways to play games, from new consoles to in-browser options and mobile games, demand for PC games persists. So does a gamer’s desire to play them for free – often by finding and downloading cracked versions of games. However, such shortcuts often come at a cost, with users installing dangerous malware instead of the desired game. Sometimes, cybercriminal groups go as far as setting up a network of websites, which are meant entirely for the distribution of such malware – as was the case in the latest campaign discovered by Kaspersky.

In April 2021, Kaspersky researchers observed a massive, well-coordinated campaign, which distributed a dropper – a program that secretly executes a malicious program – dubbed Swarez. The dropper was delivered through dozens of fake warez websites – platforms that specialize in free distributed copyrighted materials, which are considered to violate copyright law. These websites distributed malware under the guise of cracks for a different software, including anti-malware, photo or video editing software, and fifteen popular computer games. Users in 45 countries across the world were attacked by such files disguised as games.

After a chain of redirects from the warez website, the users downloaded a ZIP archive with password protected ZIP file and a text document with the key to unpack it. The installation process looked complicated enough for users to be tricked into thinking they were installing the game they were looking for. In reality, the users downloaded the Swarez dropper, which, in turn, decrypted and executed a Taurus Trojan-Stealer, a paid stealer, which has many functions and is flexible and configurable. The malware is capable of stealing cookies, saved passwords, autofill data from browsers, and data related to crypto wallets. It gathers information about the system, .txt files from the user’s desktop and can even take screenshots.

Downloaded malware emulated cracked software to trick users into executing it

One of the most concerning aspects of the campaign was how easy it was to reach the right targets. Cybercriminals optimized their websites for specific search keywords, and in some cases, managed to get their malicious sites into the top three results of popular search engines.

A search for Minecraft crack keys offers websites with Swarez in the top results

“Our devices contain more valuable information about us and our finances than ever – and therefore are an ultimate target for various cybercriminals. The Swarez campaign demonstrates that tricking users into installing software from some unknown source remains an effective way of getting malware onto their devices. And cybercriminals invest in creating more complex schemes to convince users that what they are installing is not malware – to the point of emulating installation processes. This demonstrates that there is no middle ground – to stay safe from threats such as these, users need to stick to downloading software from trusted, official sources, because at the end of the day, the payment for making a mistake may end up being much higher than the cost of a game or other software,”comments Anton V. Ivanov, security researcher at Kaspersky.

Learn more about game-related cyberthreats in the latest report on this topic on Securelist.com.

To stay safe from threats such as Swarez, Kaspersky recommends:

• You do not download pirated software and other illegal content, even if you are redirected to the webpage from a legitimate website
• Wherever possible, protect your accounts with two-factor authentication. For others, comb through account settings
• That if you wish to buy a game that is not sold through major stores, purchase them on the official website only. Double check the URL of the website and make sure it is authentic
• Updating your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software 
• Not opening questionable websites when they are offered in search results and do not install anything that comes from them
• A strong, reliable security solution will be a great help to you. Try one that won’t slow down your computer while you’re playing but will protect you from all possible cyberthreats. We recommend Kaspersky Total Security – it works smoothly with Steam and other gaming services.