Gamers looking for freebies hit with PUAs through torrent downloads


Karma may be getting even with gamers who believe they are downloading computer games illegally on torrent, when in fact the file obtained is not a game, but a potentially unwanted application (PUA).

Symantec researcher Sebastian Zatorski found a PUA downloader campaign being run on several torrent game sites using six popular computer games as bait. The victims believe they are downloading a pirated version of the game for free from a third-party site when in fact are just getting PUA malware. A PUA may not be as nasty to be hit with, as say, ransomware, but Symantec said it can impact a device's security, privacy, resource consumption and is associated with other security risks.

“We believe that the actors behind the PUA distribution campaign were abusing various pay-per-install affiliate campaigns in order to achieve monetary gain by pushing as much different PUA applications as possible. During the analyzed campaign we also noticed that the PUA software delivered by the downloaders (PUA.ICLoader.g3) has been changing frequently - one more [piece of] evidence that various pay-per-install campaigns might have been in use here,” Zatorski wrote in the blog.

Specifically, Zatorski told in an email, the hackers go after Steam platform credentials and inventory or place spam into the Steam messaging system.

“In short, the most prevalent reason behind targeting the gamers is either information/ credentials theft or malware / PUA distribution. Stolen credentials might be also used to access in-game accounts and potentially take over the virtual in-game currency or in-game objects,” he said.

He noted that the games containing PUAs were only from third-party sites advertising torrent links and that there is no evidence legitimate game publishers being compromised in any way. He said even Teslacrypt ransomware has been found in the past.

The games being used as bait are:

  • World of Warcraft: Legion
  • Assassin's Creed Syndicate
  • The Witcher 3: Wild Hunt
  • Tom Clancy's The Division
  • Just Cause 3
  • The Walking Dead: Michonne

The hackers go to great lengths to show that the download is legit including showing a small file size, which can indicate the file is a .torrent type and the recipient sees a confirmation window with instructions on how to install the file. The instructions lead to a redirect that takes the person to file hosted on Google Drive.

Other tricks being used to snag victims is making the bait even more enticing is the hackers have started using games that are not yet available.

“In the recent PUA campaign, we have seen this with the example of World of Warcraft: Legion being advertised on the 3rd party torrent sites – the official game is not available yet. In the past there have been other numerous examples of spikes in email spam related to not released yet gaming titles, promising either free activation keys or beta invitations. Such campaigns are usually targeted at malware/PUA distribution or credentials phishing,” Zatorski said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.