I’ve always thought that if you wanted to target a particular group of people to infect their computers and steal their login details that teenage boys who play video games would be an ideal choice. Of course there are drawbacks in that few will probably have paypal or online bank accounts however that’s changing. Take my eldest son for example who fits quite neatly into this ‘game playing’ group and despite my protestations is always infecting his computer with something or other. His world focuses around computer games so if something gives him the edge, he’ll install it in a heart beat without a second thought about what it is or where it comes from. A stern lecture on computer security and why it’s sensible not to install unknown programs which throw up security warnings will be forgotten minutes later.
Well it seems they are being targeted and the route is through ‘mods’ to popular games like Grand Theft Auto. These ‘mods’ are software which you can install onto a popular game to modify some aspect of it. It might be a different scenario, change the look and feel of the game or install some sort of cheat or upgrade into the game itself. There’s a whole community of people developing this stuff mostly for free.
It was in two mods of the GTA V game that some users first noticed that malicious code has been inserted onto their computers through the patches. The ‘Angry Planes’ mod spawned planes which attacked enemy players, and the ‘Noclip’ mod allowed players to walk through walls and other objects. One GTA player noticed that a C# compiler was running in the background when he played GTA V, it was running a program called FADE.exe which is actually a keylogger. This is a program that sits and records all your keystrokes and then usually emails or uploads them to a remote server somewhere for someone to pick up. The mods were completely functional and did exactly as described, which of course the best malware distribution systems always do.
People tend to believe if something works then it’s not infected with a virus where that’s not usually the case. There’s loads of examples here especially in the field I cover most that of proxies and security. So it’s very likely that there are thousands of people running around GTA V whilst malware sits logging their every keystroke in the background. Most of the Anti Virus software failed to pick up anything in these mods so most will be completely unaware of this situation. So if you play or knows someone who plays modded versions of GTA then it might be worth letting them know to check out their computers and change their passwords (after removing the keylogger obviously!).