League of Legends Malware Header

The growth of League of Legends has been staggering. The massively-popular multiplayer title has broken record after record, with a peak of 7.5 million concurrent users and an average of 27 million gamers playing daily last year. It turns out that the monster MOBA is just as popular in person, selling out a 45,000 seater stadium in Korea for its World Championships.

Unfortunately, such a huge player base is always going to attract those looking to exploit it. The multiplayer smash from developer Riot Games has been one of a number of games hit by hackers looking to gather player data, alongside online action RPG Path of Exile. Cyber criminals have managed to corrupt the official releases of both League of Legends and Path of Exile, infecting the installers with variants of a remote access Trojan.

According to Trend Micro, the hacks were initially discovered by the Taiwanese security conference Hacks in Taiwan (HITCON). After discovering the attack, in which saboteurs attached malicious software elements to the official install files, HITCON then worked with Trend Micro to create a malware clean-up tool. The attack was focused on Garena, a popular consumer internet platform in Asia that has partnerships with Electronic Arts, S2 Games, and Riot.

League of Legends Malware

Trend Micro also states that the attacks took plenty of care to make sure the Trojan (PlugX) was not easily discovered. The compromised game launcher was packaged with a "cleaner" that overrides the compromised launcher one with a legitimate launcher and a "dropper" that installs the PlugX binaries. The Trojan allows the attackers to perform data theft routines remotely and without the owner's permission. The hack was focused primarily on Asian gamers, with Taiwanese players making up 82% of those affected. Gamers are advised to update their games, scan their computers with a security solution, and change passwords for any accounts.

It's not the first time that the popularity of online video gaming has been exploited by hacker groups. Sony faced an infamous attack on its online services in April 2011, and compromised information was again used to access 93,000 PlayStation Network accounts. FIFA also has a bad history with hackers, with gamers exploited in FIFA 14's Ultimate Team trading card game. Nintendo, meanwhile, has also been targeted by Sony's arch-nemesis LulzSec.

Although Riot Games is sure to be unhappy about the way League of Legends has been exploited externally, the developer has been doing a fair bit of internal policing of late. After rolling out a plan to reduce player toxicity in its community last summer, including instead 14 day bans for "extreme toxicity," Riot Games then started pushing negative players out of ranked matches.

Most recently, the developer promised to reward positive players with mystery gifts. We'll keep you posted as more updates or warnings are released.

Source: Trend Micro