Cybercriminals targeted young players in online gaming with more than 7 million attacks in 2022, according to a report by Kaspersky. The report, titled “The Dark Side of Kids’ Virtual Gaming Worlds”, showed that focused attacks on this age group increased by 57% compared to 2021, with phishing pages used to target young players mostly mimicking global game titles including Roblox, Minecraft, Fortnite, and Apex Legends. Cybercriminals purposefully create fake game sites that appeal to children, leading them to follow phishing pages and download malicious files to their parents’ devices.
Kaspersky experts analyzed threats related to the most popular online games for children aged 3-16, detecting over 7 million attacks between January and December 2022. In the same period, nearly 40,000 users tried to download a malicious file that mimicked Roblox, resulting in a 14% increase in the number of victims compared to 2021. Half of Roblox’s 60 million users are under 13 years old, making the majority of victims potentially children who lack knowledge of cybersecurity.
Phishing pages used by cybercriminals primarily mimicked Roblox, Minecraft, Fortnite, and Apex Legends games, with over 878,000 phishing pages created for these four games in 2022. The report also revealed that games designed for 3-8-year-old children, such as Poppy Playtime and Toca Life World, were among the most attacked titles. Kaspersky experts observed a 41% rise in the number of affected users downloading malicious files disguised as Brawl Stars, reaching about 10,000 gamers attacked in 2022.
Parents need to be vigilant about what apps their children download, whether their devices have trusted security solutions installed, and teach their children about how to behave online, said Vasily M. Kolesnikov, a security expert at Kaspersky. The report recommends parents take an active interest in their children’s online activity, use parental control apps, teach their children about safe sharing of sensitive information, and communicate with their children about online safety measures.
The report also revealed that one of the most common social engineering techniques targeting young players is offering popular cheats and mods for games. On a phishing site, the user may get a whole manual on how to install the cheat properly, with instructions to disable the antivirus before installing the file. This may be specially created so malware can avoid detection on the infected device, and the longer the user’s antivirus is disabled, the more information may be collected from the victim’s computer.
The report emphasizes the increased risks for young players in online gaming and highlights the need for greater awareness of cybersecurity among parents and children.
17 March 2023
