Corporate risk rises as gamers in Sri Lanka hit by malware: Kaspersky

• Says a common tactic of infostealer involves luring gamers with links to fake cheats, modifications, or bugs for popular games such as Minecraft, Roblox, and Fortnite on platforms such as YouTube
• Cautions the threat extends beyond personal entertainment and into the corporate world
• While Sri Lanka’s figure of 10,877 compromised accounts is concerning, it was among the lower numbers in the Asia-Pacific region for 2024

By Nishel Fernando in Da Nang, Vietnam

New threat research from Kaspersky has revealed a startling figure for Sri Lanka’s gaming community and its corporate sector with at least 10,877 gaming accounts in the country compromised by infostealer malware in 2024. 

The findings were part of a larger, alarming global trend presented this week during Kaspersky’s Cyber Security Weekend held in Da Nang, Vietnam.

The research, conducted by Kaspersky’s Digital Footprint Intelligence (DFI) team, shows that infostealer malware is a widespread global issue. In 2024 alone, this notorious type of malware led to the leak of over 11 million gaming account credentials worldwide. The popular Steam platform was the hardest hit, with nearly 5.7 million accounts compromised. An additional 6.2 million accounts from other major gaming platforms, including the Epic Games Store, Battle.net, Ubisoft Connect, GOG, and the EA app, were also exposed.

Polina Tretyak, a Digital Footprint Intelligence Analyst at Kaspersky, detailed the mechanics of this threat during the event. She explained that infostealers are malicious software often distributed through deceptive means. A common tactic involves luring gamers with links to fake cheats, modifications, or bugs for popular games such as Minecraft, Roblox, and Fortnite on platforms such as YouTube. 

Once a user downloads and opens the linked archive, the malware infects their device and begins to exfiltrate a wide range of data.This stolen information, referred to as a “malware log file,” can include logins, passwords, cookies, bank card details, crypto wallet information, and Steam credentials.

Crucially, the threat extends beyond personal entertainment and into the corporate world. The Kaspersky report highlights that 7 percent of users whose accounts were leaked on the dark web had registered on entertainment platforms using a corporate email address. This creates a significant security backdoor for businesses.

“The fact that employees may be using corporate emails to register for personal services, including games, introduces cybersecurity risks,” Tretyak warned. 

If an employee reuses passwords across personal and work accounts, a compromised gaming credential could grant cybercriminals access to a company’s sensitive network and data.

Once stolen, this data fuels a sophisticated underground economy. “Malware log files” are sold on dark web markets, sometimes through subscription services costing up to US$ 200 for two months’ access. The value of an individual stolen account varies dramatically based on its contents. An empty account might be sold for as little as US$ 0.12, while a feature-rich Fortnite account with hundreds of valuable in-game items could be priced at US$ 2,500.

While Sri Lanka’s figure of 10,877 compromised accounts is concerning, it was among the lower numbers in the Asia-Pacific region for 2024. The data showed Thailand leading with nearly 163,000 compromised accounts, followed by the Philippines with over 93,000 and Vietnam with almost 88,000.

To combat this pervasive threat, Kaspersky advises both gamers and corporations to take immediate protective measures.

Should a user suspect an account has been compromised, it is advised to immediately conduct a comprehensive antivirus scan on all devices to detect and eradicate any infostealer malware. 

After confirming the device’s security, all compromised account passwords should be updated. The use of robust, distinct passwords for all accounts and adherence to sound digital hygiene practices are strongly recommended.

Businesses are advised to utilise services such as Kaspersky Digital Footprint Intelligence for proactive monitoring of the dark web to identify compromised corporate accounts. It remains imperative to implement a robust endpoint protection system capable of detecting, blocking, and eradicating malware. 

Furthermore, Tretyak  cited  educating employees on the hazards of employing corporate emails for personal services and the inherent risks associated with downloading unverified software as essential measures.

The research underscores a critical reality: the line between personal hobbies and corporate security is increasingly blurred. 

“You may not rest, there are monsters nearby,” Tretyak concluded, quoting a well-known gaming phrase to emphasize the constant and evolving nature of cyber threats.