Cyberespionage campaign vs online gaming firms bared


MANILA, Philippines – Online gaming is among the fastest growing digital entertainment in the Internet. The fact that online gaming has millions of active players has brought it within sight of cybercriminals, according to a recent report.

The report by Kaspersky Lab, developer of secure content and threat management solutions, disclosed a massive cyberespionage campaign against certain online gaming companies, including those in the Philippines.

A cybercriminal group calling itself “Winnti” has been actively attacking online video gaming companies since 2009, stealing digital certificates signed by legitimate software vendors and also source code of online game projects, the report said.

The Winnti team is targeting gaming companies located in various parts of the world but has a stronger focus on Southeast Asia. Among the countries that have been affected are the Philippines, India, Indonesia, China, Taiwan, Thailand, South Korea, Japan, Belarus, Germany, Russia, Brazil, Peru, and the United States, it said.

It was first detected in 2011, when a malicious Trojan was detected on a large number of end-user computers across the globe and was accidentally installed in the PC of some online gamers, it said.

“Winnti’ was originally thought that the online game publisher from where the piece of malicious software was installed was spying on their gamers. The authors, it seemed, were actually targeting the server of the online gaming provider.

A suspicious program that has been analyzed on the request of an alleged “targeted” online gaming publisher showed that “the Trojan is a DLL library that could function as a Remote Administration Tool (RAT) that could control the victims’ computers without being detected”, the report said.

“The malicious module actually had a valid digital signature that turned out to come from another online gaming company that was issued by Verisign,” it said.

“The digital signature was later revoked upon report of its abuse by the cybercrime group,” it said.

The trail showed compromised digital signatures from legitimate online gaming companies used by the Winnti group, most of which were from South Korea, it said.

These signatures were distributed for use to other hacking groups. Kaspersky Lab listed a number of the companies whose digital certificates were stolen, which include Korean firms ESTsoft Corp. Kog Co., MGAME Corp., Sesisoft, Wemade, and Neowiz. Chinese firms Guangzhou YuanLuo and Fantasy Technology Corp., and Japanese game publishers YNK Japan and Rosso Index KK were also targeted.

LivePlex Corp, a South Korean online gaming publisher has operations in the Philippines.

Apart from industrial cyberespionage, Kaspersky Lab experts also found out other illegal money-making schemes are being used by the Winnti group using their malware campaign. These include:

·         Manipulate the accumulation of in-game currency, such as “runes” or “gold” that’s used by players and convert the accumulated virtual money into real money;

·         Use the stolen source code from online game servers to search for vulnerabilities inside games to augment and accelerate the manipulation of in-game currency and its accumulation without suspicion;

·         Use the stolen source code from servers of popular online games in order to deploy their own pirated servers.

Jimmy Fong, Channel Sales Director for Kasperky Lab in Southeast Asia, said “We encouraging online gamers to exercise caution when using PCs for their online gaming activities. While most gamers use their own devices to play, there are still who use Internet cafes for playing.”

“It is recommended that gamers check if the PCs they are using have the proper security applications installed and updated,” he added.

Fong advised gamers must also be extra careful when using their PCs to conduct online transactions by using legitimate software and having the latest updates to ensure that cybercriminals do not easily infiltrate their PCs for their illicit activities.

Recent Stories:

Papal favorites served up in new recipe book 24 mins elapsed Review: Better cameras, less glare in iPad Air 2 35 mins elapsed No end in sight for Hong Kong protests after talks 48 mins elapsed Antonio Tiu paid P11M downpayment for Batangas property 57 mins elapsed South Korea dismantles border ‘propaganda’ Christmas tree 1 hour elapsed Gov’t facilities ready for Ebola—DOH 2 hours elapsed Antonio Tiu can’t prove ownership of Batangas property 2 hours elapsed P10-M payment by Binay camp to witness bared in exchange for silence 3 hours elapsed
Complete stories on our Digital Edition newsstand for tablets, netbooks and mobile phones; 14-issue free trial. About to step out? Get breaking alerts on your mobile.phone. Text ON INQ BREAKING to 4467, for Globe, Smart and Sun subscribers in the Philippines.

Copyright © 2014, .
To subscribe to the Philippine Daily Inquirer newspaper in the Philippines, call +63 2 896-6000 for Metro Manila and Metro Cebu or email your subscription request here.
Factual errors? Contact the Philippine Daily Inquirer's day desk. Believe this article violates journalistic ethics? Contact the Inquirer's Reader's Advocate. Or write The Readers' Advocate:
c/o Philippine Daily Inquirer Chino Roces Avenue corner Yague and Mascardo Streets, Makati City, Metro Manila, Philippines Or fax nos. +63 2 8974793 to 94