DotA 2 and Diablo III beta testing crack files carry malware

Gamers are known for their impatience when it comes to trying out updates and new packs for popular games, and cyber crooks are always ready to take advantage of that.

Warcraft and Diablo players are the latest to be targeted, says Microsoft, as its researchers have discovered malware masquerading as cracks (diablo3-crack.exe) and keys for beta versions (dota 2 Betakeys.txt.exe) of the games being pushed via various torrent/file sharing websites.

The fake Diablo III crack file hides a piece of malware dubbed Pontoeb which harvests information from the compromised system and sends it to the malware authors.

“The information is gathered through a WMI query that retrieves data such as SerialNumber, SystemDrive, Operating system and processor architecture,” explain the researchers. “But its ultimate goal is to morph the infected system into a zombie. It installs a backdoor where an attacker connects to in order to control the infected system and execute certain commands (for example, download a file, update itself, visit a website, and perform HTTP, SYN, and UDP flooding).”

The bogus text file supposedly containing the keys for the beta version of the Defense of the Ancients 2 is actually an executable – a remote access tool/backdoor Trojan – dubbed Fynloski – that is also capable of logging keystrokes, stealing passwords from known applications, disable security settings, download and run additional malicious files, and more.

Both Pontoeb and Fynloski were first detected last year – the former less than a month ago – but popular antimalware solutions have signatures in place to detect them. Still, users are advised to relieve their curiosity and impatience by downloading beta versions of games directly from official sites.