Cybercrooks are cooking up malware disguised as mods for the Grand Theft Auto V video game.
GTA V allows players to modify their gaming environment with "mods" (modifications). It's all been good fun, but recently two of the mods – "Angry Planes" and "No Clip" – have generated warnings on forums frequented by fans of the game.
The No Clip mod is punted as a means to gain ghost-like ability within the game, in order to be able to walk through solid walls (a la Cipher from Marvel's X-Men), while the Angry Planes mod means that gamers are harassed by aggressive pilots (something like the crop duster scene from Hitchcock's North by Northwest, but with more planes and the addition of bombs as a hazard).
The mods actually did what they claimed, but also installed a keystroke-stealing malware component, which poses an acute security threat to gamers on infected Windows systems.
This malware is far from solely interested in game-related passwords. The whole set-up is a slightly more subtle variation of well-worn social engineering tactics. Administrators of a GTA V forum have warned about the threat.
Security firm Malwarebytes has analysed the malicious files distributed through the scam – identified by the security firm as Trojan-Agent-TRK – in a blog post.
Chris Boyd, a security researcher at Malwarebytes and keen gamer, told El Reg that slinging malicious add-ons at gamers is a fairly common ruse.
"Game mods have been a target for many years, with an older version of GTA coming under fire from a notorious GTA: Hoodlife fake mod containing malware back in 2007," Boyd explained.
"Fans of the series traditionally enjoy extending the lifespan of the title through modding, so it's a rich area of exploitation for malware authors. Rockstar could potentially increase mod safety by opening up the Steam workshop to mod downloads, but it seems that option isn't available yet," he said.
"If there is no push to host mods on Steam, then gamers will have to rely on third-party sites for downloads. It's a lot easier for bad files to slip through on forums and fan-made websites than a service such as Steam with various checks and security features in place behind the scenes," he added.
Additional comment on the security implications of the incident can be found in a blog post by security industry veteran Graham Cluley.