Threat Management, Incident Response, Malware, TDR

Hearthstone gamers who download cheats may be cursed with malware


Evoking the old axiom “cheaters never prosper,” Symantec yesterday warned online gamers of new Windows-based malware schemes victimizing fans of the strategy card game Hearthstone: Heroes of Warcraft. According to the company's Security Response blog, hackers behind these cyberthreats are preying on dishonest players who seek out third-party cheat apps to improve their rankings and build their weapons caches.

A title of video game developer Blizzard Entertainment, Hearthstone is a free spin-off to the wildly popular World of Warcraft franchise, reportedly boasting more than 40 million registered accounts as of November 2015. With such a large pool of potential victims, Hearthstone is a tantalizing target for hackers looking to cash in by uploading malicious gaming applications to online distribution sites. Once an infected file is downloaded by a gamer, the hidden malware can steal Bitcoin funds or install backdoors for remote access to users' PCs.

Val Saengphaibul, senior security researcher at Symantec, told that many of these booby-trapped apps “piggyback off of a known Hearthstone app name and try to socially engineer the cheater to download” the similarly-named fraudulent file. Often these imposters go unnoticed because many of the distribution services and peer-to-peer networks that offer the cheat “basically ignore the content of the [malicious] file and just look at the name,” Saengphaibul said.

Symantec detailed two separately discovered cyberthreats in its blog post. The first, detected on Feb. 2, 2016, is the newly discovered malware Trojan.Coinbitclip, which poses as a “gold and dust” hacking tool. In Hearthstone, gold and dust are units of currency — earned through victories, completed objectives and other actions — which can then used to buy more powerful abilities. The player thinks downloading the file will help him to accrue extra gold and dust at no cost, but in truth the trojan robs the gamer of his very-real Bitcoin currency.

“Because Bitcoin addresses are long and include random characters, many users who mine Bitcoins use a clipboard to facilitate the process. Trojan.Coinbitclip hijacks the user's clipboard and replaces the user's Bitcoin address with one from its own list — this is how the malware steals someone's Bitcoin,” Symantec explains in its blog.

The second threat is the four-year-old trojan Backdoor.Breut, which as of December 2015 was now posing as an add-on deck-tracking application for Hearthstone. Deck trackers provide players with insight into which cards they haven't drawn yet — a morally gray tactic that is nevertheless used openly by many gamers, according to Symantec. “This threat is capable of opening a back door, recording from the webcam, logging key strokes and stealing passwords,” the company's blog post warned.

Symantec also warned that many video game bots—tools that allow your computer to play and earn rewards for you while you tend to other matters—are also often riddled with malware, though there was no specific example in the blog post.

Blizzard Entertainment policy generally prohibits use of the above-mentioned cheats and add-on tools. contacted Blizzard Entertainment for comment, but received no response.

Symantec recommended that gamers arm their devices with a strong, updated antivirus program. But the safest course of action is not to download any third-party game apps at all, lest the cheaters get cheated themselves.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.