If kid's game gets infected, you may bring that to work: what to do?

“That cheating software your kid downloaded for his game is probably safe,” said not a single cybersecurity specialist, ever. At best, your kid will ruin the gaming experience for others. At worst, they’ll introduce malware to their device. Due to repeated incidents, Cybernews experts recommend keeping kids’ gaming platforms separate, virtually or physically, or consider sandboxing their games.

Some kids would do a lot to become a mafia boss LVL 50. In this case, parents were left deeply frustrated to discover that their child had become engrossed in a mobile game called Grand Mafia. Unbeknownst to them, the child had made a whopping 62 transactions using their credit card between September 4th and October 8th, 2022.

These transactions amounted to €1,240, and to add to their frustration, Revolut declined to reimburse the unauthorized charges, a report from the regulating authority reveals.

And this isn’t even the most significant risk that parents can face if they leave their kid's actions online unchecked. Malware, likely, was not a culprit here, so the kid might be able to keep their impressive mafia boss level.

Recent game hacks reveal that crooks could steal not only your kid's loot and the accounts they spent years grinding, but also remotely control their computer and spread infections to other devices.

For example, if you are logged in with your Google account in Chrome on the same compromised computer, all the malicious extensions and add-ons that hackers put here may automatically sync in your work computer if the same Google account is used.

Minecraft has been declared the most malware-infected game. Recently, cybercriminals used Minecraft Mods to execute code remotely, after a Bleeding Pipe vulnerability was discovered. Mods in the Minecraft community are used extensively, and the game is one of the most popular.

Bad actors used the technique to steal the game’s servers, personal game accounts, Steam, and Discord session info. Still, the possibilities are nearly endless as they could also steal user data for use in identity theft and use computers in botnet attacks while showing the user pop-ads.

Roblox, the other very popular game among kids, recently suffered a security breach exposing the personal information of nearly 4000 developers from Roblox Developer Conferences.

Hackers have also been busy with Call of Duty: Modern Warfare 2 players, as a self-spreading worm infected machines using an exploit first reported in 2018 but seemingly never patched.

Scammers are also more likely to target kids, especially if they possess virtual loot that sometimes costs a lot of money. One of the most common scams targeting young gamers involves offers to generate in-game currency for free.

Kids need virtual coins for virtual goods to be considered cool amongst their peers. Before pitching a case to parents, they usually look for free alternatives, which makes them vulnerable to cybercriminals. Sometimes no clever schemes are needed. Cybercriminals ask for usernames and passwords to generate gems or offer to download an app, leading to the loss of email and game accounts or worse.

Minecraft DDoS botnet

Cybersecurity expert: splitting systems is a good idea

The problem is not that the games are inherently unsafe, but vulnerabilities increase with numbers. Each instance of the game, add-on, mod, pack, overlay, automation, or cheating software carries an additional risk that quickly adds up. Only a single instance is needed for the risk to materialize and compromise the whole machine, explains Mantas Kasiliauskis, an information security researcher at Cybernews.

“Game developers often work to address these issues by implementing security measures and regularly updating their software to protect players' data and experiences. However, hackers are constantly evolving their techniques, making it challenging to eliminate all vulnerabilities completely,” he said.

Of course, strong and unique passwords for each gaming account are needed, with enabled two-factor authentication for added extra layer of security. If one gets compromised, at least the user will keep the others.

Also, both gamers and parents should keep their software up to date. However, that is only sometimes possible, as some players prefer playing some older unsupported game versions.

“The most exploited attack vectors could be phishing attacks, account takeovers due to weak password usage, malware, and mod downloads (fake game mods or cheats with implanted malware),” Kasiliauskis explains.

In some cases, infections then could potentially spread from kids' accounts to their parents’ accounts or even work computers.

“It could happen when family members use the same device. If a kid's account or activity on the shared device is compromised and contains malware or malicious software, it might spread to other accounts used on that device. Kids may sometimes download games or files from untrusted sources containing malware. If these files are later accessed by other family members or opened on work computers, the infection could spread,” warns Kasiliauskis.

Therefore, he would recommend keeping kids' computers separate. Not only that, but even using a subnet (a network segment) for kids’ gaming computers. That would require configuring router settings to create a separate network segment, allowing application parental controls. Also, an alternative would be using a guest network for kids. Then, if a security issue appears, it won’t affect other devices.

If that’s not possible, the solution could be a virtual separation. To keep work and play in safely in balance, a user could create a second Windows installation on a separate partition or sandbox.

“Creating two isolated systems on one computer could be a good idea. For example, you can set up your computer to have two separate operating systems installed on different partitions or drives, using encryption. One OS could be dedicated to safe activities and the other to riskier activities. The other option could be application sandboxing, which allows you to run potentially risky programs in a contained environment,” Kasiliauskis suggested.

Parents should also consider using one-time virtual payment cards for their child’s online purchases, which would protect them from the expensive situation described at the beginning of the article.

Finally, as always, it’s best to avoid sketchy software from unknown sources, even if it makes gaming easier. In the long term, the better player wins.