From Malware to Fraud: How ATOs Enable an Economy of Abuse

Online gaming has seen a meteoric rise in popularity, boasting a staggering 2.58 billion online gamers worldwide as of 2024. And that number is only going to grow. Revenue has also soared to unprecedented heights, reaching over 26 billion U.S. dollars last year alone and is expected to climb to over 32 billion by 2027. Fueled by the COVID-19 pandemic, gaming has evolved from a mere pastime to a global phenomenon.

Yet, as the player base expands, so do the risks lurking within the digital realms.

As gamers invest time and money into their virtual adventures, their accounts burgeon with virtual riches, making them prime targets for fraudsters seeking illicit gains. Whether it’s through account takeovers (ATOs), cheating or credit card fraud, players of all ages are vulnerable to exploitation. Leveraging a variety of techniques ranging from malware to phishing campaigns, threat actors exploit vulnerabilities to gain access to valid accounts, subsequently utilizing them for illicit profits. 

Yet, the journey of account theft and exploitation doesn’t end with ATOs. Forums and marketplaces, both on the surface and dark web, serve as hubs facilitating the trade of stolen accounts and digital assets, fueling an underground economy built upon illicit activities. For gaming platforms, the burden of fraud extends beyond financial losses; it tarnishes their reputation, potentially driving away users indefinitely. This poses a significant threat to the platforms’ long-term viability, underscoring the importance of understanding and combating these threats to safeguard both users and platforms alike.

Into the Shadows

In the world of online gaming, cybercriminals operate much like car thieves, targeting valuable gaming accounts for financial gain. These valuable accounts, like cars, can be sold intact or dismantled and sold for parts. Stolen digital items usually include gift cards and in-game assets like customized items and character skins.

To steal these accounts, threat actors use various techniques like malware, phishing campaigns, social engineering, and credential stuffing attacks. These methods allow them to gain access to existing valid accounts and exploit them for profit.

Facilitating Fraud with Malware 

Fraud actors often use malware to target online gamers and steal their credentials and digital information, compromising their accounts. Credential stealers primarily include three types of malware:

•  Programs that wait for a user to log in to steal their credentials: This kind of malware is designed to capture handles and passwords when users log into games.
• Programs that dump information stored in Windows: This type of malware extracts information, such as password hashes, from the Windows operating system. The stolen information can be used directly or cracked offline.
• Keyloggers – Programs that log keystrokes: These malware programs record the keys typed in by users, allowing threat actors to capture sensitive information, including login credentials.

Besides malware, there are forums and marketplaces on both the surface and dark web dedicated to facilitating gaming fraud. Cracking forums, in particular, specialize in ATO and often share techniques for cracking accounts.

The Economy of Stolen Accounts 

In the shady corners of the internet, stolen gaming accounts become commodities for profit, traded among cybercriminals through secret channels and hidden platforms. To profit from stolen accounts, threat actors sell what they acquire by communicating on instant messaging platforms and servers. 

Some exploit existing servers, while others create their own private servers. These platforms allow thieves to discuss buying and selling accounts, items, and in-game currency.

There are a few factors that come into play when determining the value of a sold account. The game itself, its in-game currency, and character skins contribute to the account’s worth. The more of these elements the account possesses, the higher its price tag, with higher demand translating to increased prices.

Additionally, the platform or game associated with the account can also impact its price. The more popular the game is, the higher the bounty – like a rare collectible in the underground market.

The True Cost of Gaming Fraud

Video games have always been a popular target for hackers. Besides modifying textures, characters, and objects, some players use hacks or cheats to gain an unfair advantage over others in online games.

Cheating in online games is estimated to cost the industry around $29 billion annually in lost revenue. This financial damage can be attributed to three main harms:

• Loss of revenue from in-game stores: Theft of in-game tools and digital assets prevents platforms from selling these items in their stores.
• Devaluation of digital assets: Illegally obtained digital assets are sold at lower prices, undercutting legitimate platforms and devaluing their products.
• Weakened player retention: Players who cheat also harm the retention of legitimate players. Losing these players can significantly impact a game’s profitability and reputation.

While the harm caused by cheating and fraud is significant, platforms can combat this activity through targeted and proactive intelligence gathering. The cost of doing nothing or reacting only after each new exploitation occurs can be costly. 

The Bigger Picture

Online gaming presents a fertile ground for fraudsters, who exploit both gamers and gaming platforms for financial gain. Beyond monetary losses, fraudulent activity inflicts broader damages, including toxicity within the gaming community, tarnishing the overall user experience and user churn. As video games emerge as a primary form of global entertainment, ensuring platform safety and user security becomes crucial. 

Combating fraud in online gaming requires swift detection and prevention of toxic activities. Robust security measures and advanced detection systems are essential for identifying and mitigating threats effectively. Educating users on potential risks, promoting secure password practices, and implementing multi-factor authentication are proactive steps to bolster platform security.

Proactive threat intelligence is instrumental in uncovering compromised accounts at every stage of the process, from discovering new methods used by fraudsters to steal accounts to detecting the sale of compromised accounts on the dark web or even identifying new and more sophisticated ways for bad actors to commit new types of fraud. By leveraging these insights, gaming platforms can fortify their defenses and mitigate the risk of falling victim to such attacks. With a safe and happy user base, gamers can fully immerse themselves in games, free from the concerns of fraud and harmful behavior.

Talk to our experts to discover how ActiveFence’s Deep Threat Intelligence can help you stay ahead of bad actors by catching fraudulent activity at the source. Gain insights from hidden forums and dark web chatter to proactively inform your policies and mitigate risks before they escalate.

Click below to read ActiveFence’s comprehensive report about exploits in online gaming. This report equips Trust & Safety teams with invaluable insights into the ever-evolving tactics and increasing sophistication of threat actors.

Editor’s Note: The article was originally published on October 7, 2021. It has been updated with new information and edited for clarity.