
Password-Stealing Malware Disguised as Riot Games Early Access Keys

With Riot Games’ eagerly awaited first-person shooter game, Valorant, reaching the end of beta testing, gamers around the world have been trying to get keys to access the beta version before it is released to the public. As with anything popular or newsworthy, attackers are capitalizing on the hype to spread malware. Attackers are distributing software that claims to be a “beta key generator” for the game, but actually installs one of several nasty malware programs on the gamer’s device. Most of the malware seen by Bleeping Computer goes after a victim’s browser history, saved logins, passwords, SSH keys, and FTP accounts. Some of the malware has advanced capabilities that could execute commands, take screenshots, or even install a keylogger on the victim’s computer.

Analyst Notes

Gamers who want access to Valorant or any new game are strongly advised to use only game keys that have been provided by Riot Games. Do not download or run any program that claims to generate keys. A third-party site or download that claims to give access to the latest program is almost guaranteed to be a threat. Organizations can defend against these attacks by educating their employees on proper security measures, such as not downloading and running programs on company-owned computers. Quickly detecting malware and other attacks against corporate computers is important, because once an attacker has access to all the passwords from one computer, those passwords are often used to log on to other corporate accounts or computers via remote access facilities. All passwords used from a computer infected with information-stealing malware should be changed, and Multi-Factor Authentication (MFA) should be used to protect any critical accounts. Consider employing a security monitoring service such as the Binary Defense Security Operations Center that can monitor endpoints around the clock for malicious programs and attacker behaviors, responding quickly to stop attacks.

To read more: