The Federal Bureau of Investigation (FBI) has alerted the public to be aware of fraudulent gaming apps that are being used to illegally gain millions of dollars in cryptocurrencies. Cybercriminals are utilizing custom-crafted gaming applications that offer potential monetary rewards to attract users into establishing a crypto wallet while engaging with a specific gaming app.
-Emotet returns (again)
-FBI: Play-to-earn games may steal your crypto
-Another Israeli spyware vendor spotted
-IceFire ransomware returns with attacks on IBM Aspera servers
-Prometei crypto-mining botnet estimated at ~10k bots
-CISA KEV missed 42 exploited bugs pic.twitter.com/B54mxGYgLn
— Catalin Cimpanu (@campuscodi) March 10, 2023
How does this Scam Work?
Players of the “play-to-earn” apps are presented with a false reward system that accumulates funds within the app. Unfortunately, criminals can take advantage of this situation by deploying a malicious program that drains these wallets of their money without the players’ knowledge. This program is triggered when players join the game, which can lead to significant financial losses.
The warning specifically highlighted a malicious attack model where criminals gain victims’ trust over time and encourage them to download fake apps. Victims are then asked for a fee to reclaim their funds; however, even if the fee is paid, they cannot recuperate their money.
Some Suggestions from the FBI
The FBI recommends that users create separate wallets for their primary cryptocurrency holdings to protect them from unauthorized access to gaming wallets. It has also been suggested that users must utilize a third-party blockchain explorer to confirm account balances in gaming wallets.
In February, an investigation by Sophos cyber security revealed that cybercriminals had managed to upload malicious apps to Apple and Google’s official app stores, to carry out ‘pig butchering’ scams.
Scammers have also been deploying fraudulent applications outside official app stores, using remote content to create a misleading appearance of legitimacy for the app store reviewers. When the apps were approved, they would alter the code to substitute a counterfeit CryptoRom trading interface.