Cyber thieves trigger RAT plague in mods

Hooded man in front of computer
Cybercriminals are using gaming mods to infect computers with viruses. | Photo: Milan Jovic

The arrest of a cybercriminal who intended to used gaming mods to steal users’ data has prompted a warning from the Australian Federal Police (AFP).

A Victorian man created computer game mods for a number of online games and embedded malicious malware known as RATs (Remote Access Trojans).

AFP Acting Assistant Commissioner Chris Goldsmid said RATs were a type of malicious malware that covertly took control of a victim’s device to steal sensitive personal information and to conduct surveillance on victims without their knowledge.

Assistant Commissioner Goldsmid said coders or online gamers usually built mods to improve or enhance a game for other gamers to enjoy for free or a small fee.

“Criminals seeking to exploit this will hide the RAT within a mod making it difficult for gamers to identify if it is infected with malware,” he said.

Assistant Commissioner Goldsmid said the AFP Cybercrime team had detected and removed mods containing malware for popular computer games including PUBG: Battlegrounds, Runescape, Minecraft and ARK Survival.

Gaming mods were only one vehicle a criminal could use to embed a RAT.

“AFP intelligence has identified criminals in Australia and offshore actively obtaining RATs and similar malware variants to embed viruses into victim’s devices through a variety of ways, including downloadable email attachments hidden within ‘legitimate’ links,” Assistant Commissioner Goldsmid said.

“Once the RAT has been downloaded, malware automatically installs onto the user’s device, allowing a cybercriminal to control and access webcams, microphones, online credentials, passwords, geolocation data, files, and log history.”

Assistant Commissioner Goldsmid said a cybercriminal could gain access to thousands of downloads and scrape information from just one RAT.

He said the AFP had identified an increase in cybercriminals attempting to exploit not only Australians but victims around the world through the use of RATs.

“RATs are built to spread and takeover a victim’s device, just like a plague,” he said.

“This is a reminder for all Australians to practice good cyber hygiene, and of how important it is to keep software and virus protection updated.

“Vulnerabilities in old or unprotected software are often the target for criminals attempting to gain control over a system so the owner can be targeted and exploited.”

He said cybercriminals could build RATs that limit detection by some antivirus software, so users may not be notified if malware was installed or operating on their device.

If you think you are a victim of RAT malware, information on what to do next and how to protect yourself online can be found on the Australian Government website.